176904 – www/linux-f10-flashplugin11 is vulnerable

Bug 176904 - www/linux-f10-flashplugin11 is vulnerable

Summary: www/linux-f10-flashplugin11 is vulnerable

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	Eitan Adler

URL:
Keywords:

Depends on:
Blocks:

Reported:	2013-03-13 03:30 UTC by TsurutaniNaoki
Modified:	2013-03-13 04:15 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
file.diff (1.43 KB, patch) 2013-03-13 03:30 UTC, TsurutaniNaoki	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description TsurutaniNaoki 2013-03-13 03:30:00 UTC

	www/linux-f10-flashplugin11 is vulnerable.
	ref: http://www.adobe.com/support/security/bulletins/apsb13-09.html

Fix: new version is available.
	here is a patch:

Comment 1 Edwin Groothuis freebsd_committer

2013-03-13 03:30:09 UTC

Responsible Changed
From-To: freebsd-ports-bugs->eadler

Over to maintainer (via the GNATS Auto Assign Tool)

Comment 2 dfilter service freebsd_committer

2013-03-13 04:04:56 UTC

Author: eadler
Date: Wed Mar 13 04:04:47 2013
New Revision: 314021
URL: http://svnweb.freebsd.org/changeset/ports/314021

Log:
  Update flash the latest (hopefully) secure version.
  
  PR:		ports/176904
  Submitted by:	Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
  Security:	http://www.vuxml.org/freebsd/5ff40cb4-8b92-11e2-bdb6-001060e06fd4.html

Modified:
  head/security/vuxml/vuln.xml
  head/www/linux-f10-flashplugin11/Makefile
  head/www/linux-f10-flashplugin11/distinfo

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Mar 13 03:47:16 2013	(r314020)
+++ head/security/vuxml/vuln.xml	Wed Mar 13 04:04:47 2013	(r314021)
@@ -51,6 +51,35 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="5ff40cb4-8b92-11e2-bdb6-001060e06fd4">
+    <topic>linux-flashplugin -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>linux-f10-flashplugin</name>
+	<range><lt>11.2r202.275</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Adobe reports:</p>
+	<blockquote cite="http://www.adobe.com/support/security/bulletins/apsb13-09.html">
+	  <p>These updates address vulnerabilities that could cause a crash
+	    and potentially allow an attacker to take control of the affected system.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-0646</cvename>
+      <cvename>CVE-2013-0650</cvename>
+      <cvename>CVE-2013-1371</cvename>
+      <cvename>CVE-2013-1375</cvename>
+    </references>
+    <dates>
+      <discovery>2013-03-12</discovery>
+      <entry>2013-03-12</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="cda566a0-2df0-4eb0-b70e-ed7a6fb0ab3c">
     <topic>puppet27 and puppet -- multiple vulnerabilities</topic>
     <affects>

Modified: head/www/linux-f10-flashplugin11/Makefile
==============================================================================
--- head/www/linux-f10-flashplugin11/Makefile	Wed Mar 13 03:47:16 2013	(r314020)
+++ head/www/linux-f10-flashplugin11/Makefile	Wed Mar 13 04:04:47 2013	(r314021)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	flashplugin
-PORTVERSION=	11.2r202.273
+PORTVERSION=	11.2r202.275
 CATEGORIES=	www multimedia linux
 MASTER_SITES=	http://fpdownload.macromedia.com/get/flashplayer/pdc/${PORTVERSION:C/r/\./}/:plugin \
 		LOCAL/nox:suplib

Modified: head/www/linux-f10-flashplugin11/distinfo
==============================================================================
--- head/www/linux-f10-flashplugin11/distinfo	Wed Mar 13 03:47:16 2013	(r314020)
+++ head/www/linux-f10-flashplugin11/distinfo	Wed Mar 13 04:04:47 2013	(r314021)
@@ -1,4 +1,4 @@
-SHA256 (flashplugin/11.2r202.273/install_flash_player_11_linux.i386.tar.gz) = ad6e5e8ca4f76b834f86856252deacaf1bae7cb6b976181e3e05af77762761bd
-SIZE (flashplugin/11.2r202.273/install_flash_player_11_linux.i386.tar.gz) = 6922290
-SHA256 (flashplugin/11.2r202.273/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
-SIZE (flashplugin/11.2r202.273/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
+SHA256 (flashplugin/11.2r202.275/install_flash_player_11_linux.i386.tar.gz) = d58b597d69dcf1b61c062624f982cdb035631ed37d0bbda4f8fe8bdd6712b1ef
+SIZE (flashplugin/11.2r202.275/install_flash_player_11_linux.i386.tar.gz) = 6924007
+SHA256 (flashplugin/11.2r202.275/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
+SIZE (flashplugin/11.2r202.275/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"

Comment 3 Eitan Adler freebsd_committer

2013-03-13 04:15:43 UTC

State Changed
From-To: open->closed

wow, the PRs are faster than the mailing list for flash CVEs.  keep it 
up!