Bug 183911 - www/linux-f10-flashplugin11 is vulnerable
www/linux-f10-flashplugin11 is vulnerable
Status: Closed FIXED
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Latest
Any Any
: Normal Affects Only Me
Assigned To: Eitan Adler
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-13 05:10 UTC by turutani
Modified: 2013-11-13 06:00 UTC (History)
1 user (show)

See Also:


Attachments
file.diff (1.43 KB, patch)
2013-11-13 05:10 UTC, turutani
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description turutani 2013-11-13 05:10:00 UTC
	www/linux-f10-flashplugin11 is vulnerable.
	ref: http://www.adobe.com/support/security/bulletins/apsb13-26.html

Fix: linux-f10-flashplugin11-11.2r202.327 is available.
	here is a patch:
Comment 1 Edwin Groothuis freebsd_committer 2013-11-13 05:10:10 UTC
Responsible Changed
From-To: freebsd-ports-bugs->eadler

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 dfilter freebsd_committer 2013-11-13 05:56:05 UTC
Author: eadler
Date: Wed Nov 13 05:55:57 2013
New Revision: 333651
URL: http://svnweb.freebsd.org/changeset/ports/333651

Log:
  Update to latest flash and mark the old one as vulnerable.
  
  PR:		ports/183911
  Submitted by:	Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>

Modified:
  head/security/vuxml/vuln.xml
  head/www/linux-f10-flashplugin11/Makefile
  head/www/linux-f10-flashplugin11/distinfo

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Nov 13 05:48:24 2013	(r333650)
+++ head/security/vuxml/vuln.xml	Wed Nov 13 05:55:57 2013	(r333651)
@@ -51,6 +51,34 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="adcbdba2-4c27-11e3-9848-98fc11cdc4f5">
+    <topic>linux-flashplugin -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>linux-f10-flashplugin</name>
+	<range><lt>11.2r202.327</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Adobe reports:</p>
+	<blockquote cite="http://www.adobe.com/support/security/bulletins/apsb13-26.html">
+	  <p>These updates address vulnerabilities that could cause a crash
+	    and potentially allow an attacker to take control of the affected system.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-5329</cvename>
+      <cvename>CVE-2013-5330</cvename>
+      <url>http://www.adobe.com/support/security/bulletins/apsb13-26.html</url>
+    </references>
+    <dates>
+      <discovery>2013-11-12</discovery>
+      <entry>2013-11-12</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="3bfc7016-4bcc-11e3-b0cf-00262d5ed8ee">
     <topic>chromium -- multiple vulnerabilities</topic>
     <affects>

Modified: head/www/linux-f10-flashplugin11/Makefile
==============================================================================
--- head/www/linux-f10-flashplugin11/Makefile	Wed Nov 13 05:48:24 2013	(r333650)
+++ head/www/linux-f10-flashplugin11/Makefile	Wed Nov 13 05:55:57 2013	(r333651)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	flashplugin
-PORTVERSION=	11.2r202.310
+PORTVERSION=	11.2r202.327
 CATEGORIES=	www multimedia linux
 MASTER_SITES=	http://fpdownload.macromedia.com/get/flashplayer/pdc/${PORTVERSION:C/r/\./}/:plugin \
 		LOCAL/nox:suplib

Modified: head/www/linux-f10-flashplugin11/distinfo
==============================================================================
--- head/www/linux-f10-flashplugin11/distinfo	Wed Nov 13 05:48:24 2013	(r333650)
+++ head/www/linux-f10-flashplugin11/distinfo	Wed Nov 13 05:55:57 2013	(r333651)
@@ -1,4 +1,4 @@
-SHA256 (flashplugin/11.2r202.310/install_flash_player_11_linux.i386.tar.gz) = 7051aee6bbca66a562c1a8acfa63533744c71cdbe231276f4097462dd24dc061
-SIZE (flashplugin/11.2r202.310/install_flash_player_11_linux.i386.tar.gz) = 6923724
-SHA256 (flashplugin/11.2r202.310/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
-SIZE (flashplugin/11.2r202.310/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
+SHA256 (flashplugin/11.2r202.327/install_flash_player_11_linux.i386.tar.gz) = 1fbbadf17c86b3fd52bbf1df299f52c0b2eb7a0b9aca1d55756bc884c9270f62
+SIZE (flashplugin/11.2r202.327/install_flash_player_11_linux.i386.tar.gz) = 6923587
+SHA256 (flashplugin/11.2r202.327/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
+SIZE (flashplugin/11.2r202.327/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
Comment 3 Eitan Adler freebsd_committer 2013-11-13 05:56:27 UTC
State Changed
From-To: open->closed

Committed. Thanks!