Bug 175159 - www/linux-f10-flashplugin11 is vulnerable
www/linux-f10-flashplugin11 is vulnerable
Status: Closed FIXED
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Latest
Any Any
: Normal Affects Only Me
Assigned To: Eitan Adler
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-01-09 11:40 UTC by turutani
Modified: 2013-02-08 19:20 UTC (History)
1 user (show)

See Also:


Attachments
file.diff (1.44 KB, patch)
2013-01-09 11:40 UTC, turutani
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description turutani 2013-01-09 11:40:01 UTC
	www/linux-f10-flashplugin11 is vulnerable.
	ref: http://www.adobe.com/support/security/bulletins/apsb13-01.html

Fix: 11.2r202.261 is available.
	here are patches:
Comment 1 Edwin Groothuis freebsd_committer 2013-01-09 11:40:14 UTC
Responsible Changed
From-To: freebsd-ports-bugs->emulation

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Mark Linimon freebsd_committer 2013-01-27 10:04:23 UTC
Responsible Changed
From-To: emulation->freebsd-emulation

Canonicalize assignment.
Comment 3 turutani 2013-02-08 14:06:54 UTC
another security update has been issued.
ref; http://www.adobe.com/support/security/bulletins/apsb13-04.html
here is a patch:
--- Makefile.orig	2013-01-19 18:45:31.000000000 +0900
+++ Makefile	2013-02-08 14:35:55.000000000 +0900
@@ -2,7 +2,7 @@
 # $FreeBSD: ports/www/linux-f10-flashplugin11/Makefile,v 1.44 2013/01/19 09:45:31 svnexp Exp $
 
 PORTNAME=	flashplugin
-PORTVERSION=	11.2r202.261
+PORTVERSION=	11.2r202.262
 CATEGORIES=	www multimedia linux
 MASTER_SITES=	http://fpdownload.macromedia.com/get/flashplayer/pdc/${PORTVERSION:C/r/\./}/:plugin \
 		LOCAL/nox:suplib
--- distinfo.orig	2013-01-19 18:45:31.000000000 +0900
+++ distinfo	2013-02-08 14:40:47.000000000 +0900
@@ -1,4 +1,4 @@
-SHA256 (flashplugin/11.2r202.261/install_flash_player_11_linux.i386.tar.gz) = c66d4a25f9f3c4598b1c1802e862430e3598aa6910aeda220c607483798b67f0
-SIZE (flashplugin/11.2r202.261/install_flash_player_11_linux.i386.tar.gz) = 6917481
-SHA256 (flashplugin/11.2r202.261/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
-SIZE (flashplugin/11.2r202.261/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
+SHA256 (flashplugin/11.2r202.262/install_flash_player_11_linux.i386.tar.gz) = 5dcb830c16d4862384c72448037d0ee4d0b5d192f529d8bec3465d6548a61a3a
+SIZE (flashplugin/11.2r202.262/install_flash_player_11_linux.i386.tar.gz) = 6917470
+SHA256 (flashplugin/11.2r202.262/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
+SIZE (flashplugin/11.2r202.262/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
Comment 4 Eitan Adler freebsd_committer 2013-02-08 15:14:44 UTC
Responsible Changed
From-To: freebsd-emulation->eadler

I'll take it.
Comment 5 Eitan Adler freebsd_committer 2013-02-08 19:10:39 UTC
State Changed
From-To: open->closed

Committed. Thanks!
Comment 6 dfilter freebsd_committer 2013-02-08 19:18:54 UTC
Author: eadler
Date: Fri Feb  8 19:18:40 2013
New Revision: 311950
URL: http://svnweb.freebsd.org/changeset/ports/311950

Log:
  Update flash to the latest version
  
  PR:		ports/175159
  Submitted by:	Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>

Modified:
  head/security/vuxml/vuln.xml
  head/www/linux-f10-flashplugin11/Makefile
  head/www/linux-f10-flashplugin11/distinfo

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Fri Feb  8 19:11:12 2013	(r311949)
+++ head/security/vuxml/vuln.xml	Fri Feb  8 19:18:40 2013	(r311950)
@@ -51,6 +51,34 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="414e6a41-7204-11e2-8599-001060e06fd4">
+    <topic>linux-flashplugin -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>linux-f10-flashplugin</name>
+	<range><lt>11.2r202.262</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Adobe reports:</p>
+	<blockquote cite="https://www.adobe.com/support/security/bulletins/apsb13-04.html">
+	  <p>These updates address vulnerabilities that could cause a crash
+	    and potentially allow an attacker to take control of the affected system.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-0633</cvename>
+      <cvename>CVE-2013-0634</cvename>
+      <url>https://www.adobe.com/support/security/bulletins/apsb13-04.html</url>
+    </references>
+    <dates>
+      <discovery>2013-02-07</discovery>
+      <entry>2013-02-08</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="00b0d8cd-7097-11e2-98d9-003067c2616f">
   <topic>OpenSSL -- TLS 1.1, 1.2 denial of service</topic>
     <affects>

Modified: head/www/linux-f10-flashplugin11/Makefile
==============================================================================
--- head/www/linux-f10-flashplugin11/Makefile	Fri Feb  8 19:11:12 2013	(r311949)
+++ head/www/linux-f10-flashplugin11/Makefile	Fri Feb  8 19:18:40 2013	(r311950)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	flashplugin
-PORTVERSION=	11.2r202.261
+PORTVERSION=	11.2r202.262
 CATEGORIES=	www multimedia linux
 MASTER_SITES=	http://fpdownload.macromedia.com/get/flashplayer/pdc/${PORTVERSION:C/r/\./}/:plugin \
 		LOCAL/nox:suplib

Modified: head/www/linux-f10-flashplugin11/distinfo
==============================================================================
--- head/www/linux-f10-flashplugin11/distinfo	Fri Feb  8 19:11:12 2013	(r311949)
+++ head/www/linux-f10-flashplugin11/distinfo	Fri Feb  8 19:18:40 2013	(r311950)
@@ -1,4 +1,4 @@
-SHA256 (flashplugin/11.2r202.261/install_flash_player_11_linux.i386.tar.gz) = c66d4a25f9f3c4598b1c1802e862430e3598aa6910aeda220c607483798b67f0
-SIZE (flashplugin/11.2r202.261/install_flash_player_11_linux.i386.tar.gz) = 6917481
-SHA256 (flashplugin/11.2r202.261/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
-SIZE (flashplugin/11.2r202.261/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
+SHA256 (flashplugin/11.2r202.262/install_flash_player_11_linux.i386.tar.gz) = 5dcb830c16d4862384c72448037d0ee4d0b5d192f529d8bec3465d6548a61a3a
+SIZE (flashplugin/11.2r202.262/install_flash_player_11_linux.i386.tar.gz) = 6917470
+SHA256 (flashplugin/11.2r202.262/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
+SIZE (flashplugin/11.2r202.262/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"