185790 – www/linux-f10-flashplugin11 is vulnerable

Bug 185790 - www/linux-f10-flashplugin11 is vulnerable

Summary: www/linux-f10-flashplugin11 is vulnerable

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	Eitan Adler

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-01-15 01:30 UTC by TsurutaniNaoki
Modified:	2014-01-25 17:30 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
file.diff (1.50 KB, patch) 2014-01-15 01:30 UTC, TsurutaniNaoki	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description TsurutaniNaoki 2014-01-15 01:30:00 UTC

	www/linux-f10-flashplugin11 is vulnerable.
	ref: http://helpx.adobe.com/security/products/flash-player/apsb14-02.html

Fix: new version is available.
	here is a patch:

Comment 1 Edwin Groothuis freebsd_committer

2014-01-15 01:57:22 UTC

Responsible Changed
From-To: freebsd-ports-bugs->eadler

Over to maintainer (via the GNATS Auto Assign Tool)

Comment 2 dfilter service freebsd_committer

2014-01-24 05:05:45 UTC

Author: eadler
Date: Fri Jan 24 05:05:36 2014
New Revision: 340877
URL: http://svnweb.freebsd.org/changeset/ports/340877
QAT: https://qat.redports.org/buildarchive/r340877/

Log:
  Update flash to 11.2r202.335
  Report security issues
  
  PR:		ports/185790
  Reported by:	Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>

Modified:
  head/security/vuxml/vuln.xml
  head/www/linux-f10-flashplugin11/Makefile
  head/www/linux-f10-flashplugin11/distinfo

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Fri Jan 24 03:20:23 2014	(r340876)
+++ head/security/vuxml/vuln.xml	Fri Jan 24 05:05:36 2014	(r340877)
@@ -51,6 +51,34 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="c0ef849e-84ac-11e3-bec4-9c4e36909cc0">
+    <topic>linux-flashplugin -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>linux-f10-flashplugin</name>
+	<range><lt>11.2r202.335</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Adobe reports:</p>
+	<blockquote cite="http://helpx.adobe.com/security/products/flash-player/apsb14-02.html">
+	  <p>These updates address vulnerabilities that could cause a crash
+	    and potentially allow an attacker to take control of the affected system.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-0491</cvename>
+      <cvename>CVE-2014-0492</cvename>
+      <url>http://helpx.adobe.com/security/products/flash-player/apsb14-02.html</url>
+    </references>
+    <dates>
+      <discovery>2014-01-14</discovery>
+      <entry>2014-01-24</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="6d08fa63-83bf-11e3-bdba-080027ef73ec">
     <topic>HTMLDOC -- buffer overflow issues when reading AFM files and parsing page sizes</topic>
     <affects>

Modified: head/www/linux-f10-flashplugin11/Makefile
==============================================================================
--- head/www/linux-f10-flashplugin11/Makefile	Fri Jan 24 03:20:23 2014	(r340876)
+++ head/www/linux-f10-flashplugin11/Makefile	Fri Jan 24 05:05:36 2014	(r340877)
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	flashplugin
-PORTVERSION=	11.2r202.327
-PORTREVISION=	1
+PORTVERSION=	11.2r202.335
 CATEGORIES=	www multimedia linux
 MASTER_SITES=	http://fpdownload.macromedia.com/get/flashplayer/pdc/${PORTVERSION:C/r/\./}/:plugin \
 		LOCAL/nox:suplib

Modified: head/www/linux-f10-flashplugin11/distinfo
==============================================================================
--- head/www/linux-f10-flashplugin11/distinfo	Fri Jan 24 03:20:23 2014	(r340876)
+++ head/www/linux-f10-flashplugin11/distinfo	Fri Jan 24 05:05:36 2014	(r340877)
@@ -1,4 +1,4 @@
-SHA256 (flashplugin/11.2r202.327/install_flash_player_11_linux.i386.tar.gz) = 1fbbadf17c86b3fd52bbf1df299f52c0b2eb7a0b9aca1d55756bc884c9270f62
-SIZE (flashplugin/11.2r202.327/install_flash_player_11_linux.i386.tar.gz) = 6923587
-SHA256 (flashplugin/11.2r202.327/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
-SIZE (flashplugin/11.2r202.327/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
+SHA256 (flashplugin/11.2r202.335/install_flash_player_11_linux.i386.tar.gz) = 71d403cdca7a0a13a37c024da28d8e07d765290e1df0e1b1e05482a7d4a27d46
+SIZE (flashplugin/11.2r202.335/install_flash_player_11_linux.i386.tar.gz) = 6923385
+SHA256 (flashplugin/11.2r202.335/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
+SIZE (flashplugin/11.2r202.335/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"

Comment 3 Eitan Adler freebsd_committer

2014-01-24 05:06:46 UTC

State Changed
From-To: open->closed

Committed. Thanks!

Comment 4 dfilter service freebsd_committer

2014-01-25 17:23:32 UTC

Author: mat
Date: Sat Jan 25 17:23:25 2014
New Revision: 341062
URL: http://svnweb.freebsd.org/changeset/ports/341062
QAT: https://qat.redports.org/buildarchive/r341062/

Log:
  MFH: r340877
  
  Update flash to 11.2r202.335
  Report security issues
  
  PR:		ports/185790
  Reported by:	Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>

Modified:
  branches/2014Q1/www/linux-f10-flashplugin11/Makefile
  branches/2014Q1/www/linux-f10-flashplugin11/distinfo

Modified: branches/2014Q1/www/linux-f10-flashplugin11/Makefile
==============================================================================
--- branches/2014Q1/www/linux-f10-flashplugin11/Makefile	Sat Jan 25 17:00:15 2014	(r341061)
+++ branches/2014Q1/www/linux-f10-flashplugin11/Makefile	Sat Jan 25 17:23:25 2014	(r341062)
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	flashplugin
-PORTVERSION=	11.2r202.327
-PORTREVISION=	1
+PORTVERSION=	11.2r202.335
 CATEGORIES=	www multimedia linux
 MASTER_SITES=	http://fpdownload.macromedia.com/get/flashplayer/pdc/${PORTVERSION:C/r/\./}/:plugin \
 		LOCAL/nox:suplib

Modified: branches/2014Q1/www/linux-f10-flashplugin11/distinfo
==============================================================================
--- branches/2014Q1/www/linux-f10-flashplugin11/distinfo	Sat Jan 25 17:00:15 2014	(r341061)
+++ branches/2014Q1/www/linux-f10-flashplugin11/distinfo	Sat Jan 25 17:23:25 2014	(r341062)
@@ -1,4 +1,4 @@
-SHA256 (flashplugin/11.2r202.327/install_flash_player_11_linux.i386.tar.gz) = 1fbbadf17c86b3fd52bbf1df299f52c0b2eb7a0b9aca1d55756bc884c9270f62
-SIZE (flashplugin/11.2r202.327/install_flash_player_11_linux.i386.tar.gz) = 6923587
-SHA256 (flashplugin/11.2r202.327/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
-SIZE (flashplugin/11.2r202.327/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
+SHA256 (flashplugin/11.2r202.335/install_flash_player_11_linux.i386.tar.gz) = 71d403cdca7a0a13a37c024da28d8e07d765290e1df0e1b1e05482a7d4a27d46
+SIZE (flashplugin/11.2r202.335/install_flash_player_11_linux.i386.tar.gz) = 6923385
+SHA256 (flashplugin/11.2r202.335/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
+SIZE (flashplugin/11.2r202.335/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"