| 2007-07-11 11:40:50 |
disabled.user |
bug |
|
|
added bug |
| 2007-07-11 11:43:34 |
disabled.user |
description |
Binary package hint: flashplugin-nonfree
An updated version of Adobe Flash Player, that fixes possible arbitrary code execution, is available. Please provide updated packages for flashplugin-nonfree.
From:
http://www.heise-security.co.uk/news/92520
"While an input validation error could lead to arbitrary code execution in Flash Player 9.0.45.0 and prior versions, insufficient validation of the HTTP Referer in Flash Player 8.0.34.0 and earlier versions might help attackers to execute cross-site scripting attacks. Another security problem related to the Opera and Konqueror browsers exists in Flash Player 7 (version 7.0.70.0) for Linux and Solaris, but Adobe does not provide more detailed information on this issue. The vendor advises users to upgrade to version 9.0.47, but also provides patches for other versions of the software." |
Binary package hint: flashplugin-nonfree
An updated version of Adobe Flash Player, that fixes possible arbitrary code execution, is available. Please provide updated packages for flashplugin-nonfree.
From:
http://www.heise-security.co.uk/news/92520
"While an input validation error could lead to arbitrary code execution in Flash Player 9.0.45.0 and prior versions, insufficient validation of the HTTP Referer in Flash Player 8.0.34.0 and earlier versions might help attackers to execute cross-site scripting attacks. Another security problem related to the Opera and Konqueror browsers exists in Flash Player 7 (version 7.0.70.0) for Linux and Solaris, but Adobe does not provide more detailed information on this issue. The vendor advises users to upgrade to version 9.0.47, but also provides patches for other versions of the software."
Corresponding Adobe Security Advisories:
http://www.adobe.com/support/security/bulletins/apsb07-12.html |
|
| 2007-07-13 22:30:07 |
Daniel T Chen |
flashplugin-nonfree: status |
New |
Fix Released |
|
| 2007-07-20 07:33:26 |
Martin Pitt |
flashplugin-nonfree: importance |
Undecided |
High |
|
| 2007-07-20 07:33:26 |
Martin Pitt |
flashplugin-nonfree: assignee |
|
gnomefreak |
|
| 2007-07-20 07:33:26 |
Martin Pitt |
flashplugin-nonfree: statusexplanation |
|
|
|
| 2007-07-20 07:34:01 |
Martin Pitt |
flashplugin-nonfree: status |
New |
Fix Committed |
|
| 2007-07-20 07:34:01 |
Martin Pitt |
flashplugin-nonfree: statusexplanation |
|
flashplugin-nonfree (9.0.48.0.0ubuntu1~7.04.1) feisty-proposed; urgency=low
.
* SECURITY UPDATE: Arbitrary code execution due to insufficient input
validation (LP: #125233)
* References
http://www.adobe.com/support/security/bulletins/apsb07-12.html
CVE-2007-3456, CVE-2007-3457, CVE-2007-2022
* debian/config: Update install_flash_player_9_linux.tar.gz's md5sum
(LP: #125986)
Accepted into feisty-proposed. |
|
| 2007-07-20 08:03:24 |
John Vivirito |
flashplugin-nonfree: status |
Fix Committed |
Fix Released |
|
| 2007-07-21 09:29:20 |
Tormod Volden |
flashplugin-nonfree: status |
Fix Released |
Fix Committed |
|
| 2007-07-21 09:29:20 |
Tormod Volden |
flashplugin-nonfree: statusexplanation |
flashplugin-nonfree (9.0.48.0.0ubuntu1~7.04.1) feisty-proposed; urgency=low
.
* SECURITY UPDATE: Arbitrary code execution due to insufficient input
validation (LP: #125233)
* References
http://www.adobe.com/support/security/bulletins/apsb07-12.html
CVE-2007-3456, CVE-2007-3457, CVE-2007-2022
* debian/config: Update install_flash_player_9_linux.tar.gz's md5sum
(LP: #125986)
Accepted into feisty-proposed. |
According to https://wiki.ubuntu.com/MOTU/SRU, the Feisty task is committed, not released. There is also no notification posted on the ubuntu-motu mailing list.
Please check that the new package also works for upgrades. |
|
| 2007-07-21 18:34:39 |
John Vivirito |
marked as duplicate |
|
125986 |
|
| 2009-08-07 16:45:15 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/karmic/flashplugin-nonfree |
|
| 2009-08-07 16:53:14 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/feisty-security/flashplugin-nonfree |
|
