Bug 182013 - www/linux-f10-flashplugin11 is vulnerable
Summary: www/linux-f10-flashplugin11 is vulnerable
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Eitan Adler
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-09-11 14:20 UTC by TsurutaniNaoki
Modified: 2013-09-13 14:20 UTC (History)
1 user (show)

See Also:

Attachments
file.diff (1.43 KB, patch)
2013-09-11 14:20 UTC, TsurutaniNaoki 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description TsurutaniNaoki 2013-09-11 14:20:00 UTC 
	www/linux-f10-flashplugin11 is vulnerable.
	ref: http://www.adobe.com/support/security/bulletins/apsb13-21.html

Fix: 11.2.202.310 is available.
	here is a patch:
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2013-09-11 14:20:09 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->eadler

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 dfilter service freebsd_committer freebsd_triage 2013-09-13 14:13:49 UTC 
Author: eadler
Date: Fri Sep 13 13:13:36 2013
New Revision: 327145
URL: http://svnweb.freebsd.org/changeset/ports/327145

Log:
  Update flash to version 11.2.202.310
  
  PR:		ports/182013
  Submitted by:	Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
  Security:	http://www.vuxml.org/freebsd/5bd6811f-1c75-11e3-ba72-98fc11cdc4f5

Modified:
  head/security/vuxml/vuln.xml
  head/www/linux-f10-flashplugin11/Makefile
  head/www/linux-f10-flashplugin11/distinfo

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Fri Sep 13 12:12:49 2013	(r327144)
+++ head/security/vuxml/vuln.xml	Fri Sep 13 13:13:36 2013	(r327145)
@@ -51,6 +51,36 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="5bd6811f-1c75-11e3-ba72-98fc11cdc4f5">
+    <topic>linux-flashplugin -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>linux-f10-flashplugin</name>
+	<range><lt>11.2r202.310</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Adobe reports:</p>
+	<blockquote cite="http://www.adobe.com/support/security/bulletins/apsb13-21.html">
+	  <p>These updates address vulnerabilities that could cause a crash
+	    and potentially allow an attacker to take control of the affected system.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-3361</cvename>
+      <cvename>CVE-2013-3362</cvename>
+      <cvename>CVE-2013-3363</cvename>
+      <cvename>CVE-2013-5324</cvename>
+      <url>http://www.adobe.com/support/security/bulletins/apsb13-21.html</url>
+    </references>
+    <dates>
+      <discovery>2013-09-10</discovery>
+      <entry>2013-09-13</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="a851b305-1bc3-11e3-95b7-00e0814cab4e">
     <topic>django -- multiple vulnerabilities</topic>
     <affects>

Modified: head/www/linux-f10-flashplugin11/Makefile
==============================================================================
--- head/www/linux-f10-flashplugin11/Makefile	Fri Sep 13 12:12:49 2013	(r327144)
+++ head/www/linux-f10-flashplugin11/Makefile	Fri Sep 13 13:13:36 2013	(r327145)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	flashplugin
-PORTVERSION=	11.2r202.297
+PORTVERSION=	11.2r202.310
 CATEGORIES=	www multimedia linux
 MASTER_SITES=	http://fpdownload.macromedia.com/get/flashplayer/pdc/${PORTVERSION:C/r/\./}/:plugin \
 		LOCAL/nox:suplib

Modified: head/www/linux-f10-flashplugin11/distinfo
==============================================================================
--- head/www/linux-f10-flashplugin11/distinfo	Fri Sep 13 12:12:49 2013	(r327144)
+++ head/www/linux-f10-flashplugin11/distinfo	Fri Sep 13 13:13:36 2013	(r327145)
@@ -1,4 +1,4 @@
-SHA256 (flashplugin/11.2r202.297/install_flash_player_11_linux.i386.tar.gz) = 9e20d25df0bc008d02b5fc5d78a972de8f4c7f738e165e3163ef64255611f256
-SIZE (flashplugin/11.2r202.297/install_flash_player_11_linux.i386.tar.gz) = 6923530
-SHA256 (flashplugin/11.2r202.297/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
-SIZE (flashplugin/11.2r202.297/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
+SHA256 (flashplugin/11.2r202.310/install_flash_player_11_linux.i386.tar.gz) = 7051aee6bbca66a562c1a8acfa63533744c71cdbe231276f4097462dd24dc061
+SIZE (flashplugin/11.2r202.310/install_flash_player_11_linux.i386.tar.gz) = 6923724
+SHA256 (flashplugin/11.2r202.310/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
+SIZE (flashplugin/11.2r202.310/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
Comment 3 Eitan Adler freebsd_committer freebsd_triage 2013-09-13 14:15:58 UTC 
State Changed
From-To: open->closed

Committed. Thanks!