Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 15 Jan 2014 09:58:18 +0900 (JST)
From:      Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
To:        FreeBSD-gnats-submit@freebsd.org
Cc:        turutani@scphys.kyoto-u.ac.jp
Subject:   ports/185790: www/linux-f10-flashplugin11 is vulnerable
Message-ID:  <201401150058.s0F0wIsg003691@h120.65.226.10.32118.vlan.kuins.net>
Resent-Message-ID: <201401150130.s0F1U0MR080951@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         185790
>Category:       ports
>Synopsis:       www/linux-f10-flashplugin11 is vulnerable
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 15 01:30:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     Tsurutani Naoki
>Release:        FreeBSD 8.4-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD h120.65.226.10.32118.vlan.kuins.net 8.4-PRERELEASE FreeBSD 8.4-PRERELEASE #26 r249149: Fri Apr 5 22:13:25 JST 2013 turutani@h120.65.226.10.32118.vlan.kuins.net:/usr/local/work/usr/obj/usr/src/sys/POLYMER i386


	
>Description:
	www/linux-f10-flashplugin11 is vulnerable.
	ref: http://helpx.adobe.com/security/products/flash-player/apsb14-02.html
	
>How-To-Repeat:
	
>Fix:
	new version is available.
	here is a patch:

--- Makefile.orig	2013-11-15 03:45:54.000000000 +0900
+++ Makefile	2014-01-15 09:45:31.000000000 +0900
@@ -2,7 +2,7 @@
 # $FreeBSD: www/linux-f10-flashplugin11/Makefile 333784 2013-11-14 18:45:54Z jkim $
 
 PORTNAME=	flashplugin
-PORTVERSION=	11.2r202.327
+PORTVERSION=	11.2r202.335
 PORTREVISION=	1
 CATEGORIES=	www multimedia linux
 MASTER_SITES=	http://fpdownload.macromedia.com/get/flashplayer/pdc/${PORTVERSION:C/r/\./}/:plugin \
diff -urN linux-f10-flashplugin11.orig/distinfo linux-f10-flashplugin11/distinfo
--- distinfo.orig	2013-11-13 14:55:57.000000000 +0900
+++ distinfo	2014-01-15 09:46:49.000000000 +0900
@@ -1,4 +1,4 @@
-SHA256 (flashplugin/11.2r202.327/install_flash_player_11_linux.i386.tar.gz) = 1fbbadf17c86b3fd52bbf1df299f52c0b2eb7a0b9aca1d55756bc884c9270f62
-SIZE (flashplugin/11.2r202.327/install_flash_player_11_linux.i386.tar.gz) = 6923587
-SHA256 (flashplugin/11.2r202.327/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
-SIZE (flashplugin/11.2r202.327/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
+SHA256 (flashplugin/11.2r202.335/install_flash_player_11_linux.i386.tar.gz) = 71d403cdca7a0a13a37c024da28d8e07d765290e1df0e1b1e05482a7d4a27d46
+SIZE (flashplugin/11.2r202.335/install_flash_player_11_linux.i386.tar.gz) = 6923385
+SHA256 (flashplugin/11.2r202.335/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
+SIZE (flashplugin/11.2r202.335/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
	


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201401150058.s0F0wIsg003691>