Bug 179502 - www/linux-f10-flashplugin11 is vulnerable.
www/linux-f10-flashplugin11 is vulnerable.
Status: Closed FIXED
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Latest
Any Any
: Normal Affects Only Me
Assigned To: Eitan Adler
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-11 23:20 UTC by turutani
Modified: 2013-07-15 22:10 UTC (History)
1 user (show)

See Also:


Attachments
file.diff (1.43 KB, patch)
2013-06-11 23:20 UTC, turutani
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description turutani 2013-06-11 23:20:00 UTC
	www/linux-f10-flashplugin11 is vulnerable.
	ref: http://www.adobe.com/support/security/bulletins/apsb13-16.html

Fix: 11.2r202.291 is available.
	here is a patch:
Comment 1 Edwin Groothuis freebsd_committer 2013-06-11 23:20:09 UTC
Responsible Changed
From-To: freebsd-ports-bugs->eadler

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 dfilter freebsd_committer 2013-06-11 23:44:52 UTC
Author: eadler
Date: Tue Jun 11 22:44:39 2013
New Revision: 320654
URL: http://svnweb.freebsd.org/changeset/ports/320654

Log:
  Update to 11.2r202.291
  
  PR:		ports/179502
  Submitted by:	Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>

Modified:
  head/security/vuxml/vuln.xml
  head/www/linux-f10-flashplugin11/Makefile
  head/www/linux-f10-flashplugin11/distinfo

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Tue Jun 11 22:26:36 2013	(r320653)
+++ head/security/vuxml/vuln.xml	Tue Jun 11 22:44:39 2013	(r320654)
@@ -51,6 +51,32 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="fce67546-d2e7-11e2-a9bf-98fc11cdc4f5">
+    <topic>linux-flashplugin -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>linux-f10-flashplugin</name>
+	<range><lt>11.2r202.291</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Adobe reports:</p>
+	<blockquote cite="http://www.adobe.com/support/security/bulletins/apsb13-16.html">
+	  <p>These updates address vulnerabilities that could cause a crash
+	    and potentially allow an attacker to take control of the affected system.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-3343</cvename>
+    </references>
+    <dates>
+      <discovery>2013-08-11</discovery>
+      <entry>2013-08-14</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="d7a43ee6-d2d5-11e2-9894-002590082ac6">
     <topic>owncloud -- Multiple security vulnerabilities</topic>
     <affects>

Modified: head/www/linux-f10-flashplugin11/Makefile
==============================================================================
--- head/www/linux-f10-flashplugin11/Makefile	Tue Jun 11 22:26:36 2013	(r320653)
+++ head/www/linux-f10-flashplugin11/Makefile	Tue Jun 11 22:44:39 2013	(r320654)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	flashplugin
-PORTVERSION=	11.2r202.285
+PORTVERSION=	11.2r202.291
 CATEGORIES=	www multimedia linux
 MASTER_SITES=	http://fpdownload.macromedia.com/get/flashplayer/pdc/${PORTVERSION:C/r/\./}/:plugin \
 		LOCAL/nox:suplib

Modified: head/www/linux-f10-flashplugin11/distinfo
==============================================================================
--- head/www/linux-f10-flashplugin11/distinfo	Tue Jun 11 22:26:36 2013	(r320653)
+++ head/www/linux-f10-flashplugin11/distinfo	Tue Jun 11 22:44:39 2013	(r320654)
@@ -1,4 +1,4 @@
-SHA256 (flashplugin/11.2r202.285/install_flash_player_11_linux.i386.tar.gz) = a7f109a871deeb3cff19b483d5ca2a996402e81793d7edf83b95b4c771694100
-SIZE (flashplugin/11.2r202.285/install_flash_player_11_linux.i386.tar.gz) = 6923111
-SHA256 (flashplugin/11.2r202.285/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
-SIZE (flashplugin/11.2r202.285/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
+SHA256 (flashplugin/11.2r202.291/install_flash_player_11_linux.i386.tar.gz) = 513abbfd9e4d7115c00264d82654ad226aa22f44e837301ccd0dd0e81de3a1f6
+SIZE (flashplugin/11.2r202.291/install_flash_player_11_linux.i386.tar.gz) = 6923403
+SHA256 (flashplugin/11.2r202.291/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
+SIZE (flashplugin/11.2r202.291/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
Comment 3 Eitan Adler freebsd_committer 2013-06-11 23:45:13 UTC
State Changed
From-To: open->closed

Committed. Thanks!
Comment 4 dfilter freebsd_committer 2013-07-15 22:06:44 UTC
Author: eadler
Date: Mon Jul 15 21:06:36 2013
New Revision: 323080
URL: http://svnweb.freebsd.org/changeset/ports/323080

Log:
  Update to 11.2r202.291
  
  PR:		ports/179502
  Submitted by:	Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>

Modified:
  head/security/vuxml/vuln.xml
  head/www/linux-f10-flashplugin11/Makefile
  head/www/linux-f10-flashplugin11/distinfo

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Mon Jul 15 21:00:15 2013	(r323079)
+++ head/security/vuxml/vuln.xml	Mon Jul 15 21:06:36 2013	(r323080)
@@ -51,6 +51,34 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="df428c01-ed91-11e2-9466-98fc11cdc4f5">
+    <topic>linux-flashplugin -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>linux-f10-flashplugin</name>
+	<range><lt>11.2r202.297</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Adobe reports:</p>
+	<blockquote cite="http://www.adobe.com/support/security/bulletins/apsb13-17.html">
+	  <p>These updates address vulnerabilities that could cause a crash
+	    and potentially allow an attacker to take control of the affected system.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-3344</cvename>
+      <cvename>CVE-2013-3345</cvename>
+      <cvename>CVE-2013-3347</cvename>
+    </references>
+    <dates>
+      <discovery>2013-07-09</discovery>
+      <entry>2013-07-15</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="30a04ab4-ed7b-11e2-8643-8c705af55518">
     <topic>squid -- denial of service</topic>
     <affects>

Modified: head/www/linux-f10-flashplugin11/Makefile
==============================================================================
--- head/www/linux-f10-flashplugin11/Makefile	Mon Jul 15 21:00:15 2013	(r323079)
+++ head/www/linux-f10-flashplugin11/Makefile	Mon Jul 15 21:06:36 2013	(r323080)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	flashplugin
-PORTVERSION=	11.2r202.291
+PORTVERSION=	11.2r202.297
 CATEGORIES=	www multimedia linux
 MASTER_SITES=	http://fpdownload.macromedia.com/get/flashplayer/pdc/${PORTVERSION:C/r/\./}/:plugin \
 		LOCAL/nox:suplib

Modified: head/www/linux-f10-flashplugin11/distinfo
==============================================================================
--- head/www/linux-f10-flashplugin11/distinfo	Mon Jul 15 21:00:15 2013	(r323079)
+++ head/www/linux-f10-flashplugin11/distinfo	Mon Jul 15 21:06:36 2013	(r323080)
@@ -1,4 +1,4 @@
-SHA256 (flashplugin/11.2r202.291/install_flash_player_11_linux.i386.tar.gz) = 513abbfd9e4d7115c00264d82654ad226aa22f44e837301ccd0dd0e81de3a1f6
-SIZE (flashplugin/11.2r202.291/install_flash_player_11_linux.i386.tar.gz) = 6923403
-SHA256 (flashplugin/11.2r202.291/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
-SIZE (flashplugin/11.2r202.291/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
+SHA256 (flashplugin/11.2r202.297/install_flash_player_11_linux.i386.tar.gz) = 9e20d25df0bc008d02b5fc5d78a972de8f4c7f738e165e3163ef64255611f256
+SIZE (flashplugin/11.2r202.297/install_flash_player_11_linux.i386.tar.gz) = 6923530
+SHA256 (flashplugin/11.2r202.297/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
+SIZE (flashplugin/11.2r202.297/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"