Package: flashplugin-nonfree
Version: 1:3.2+wheezy1
Severity: critical
Tags: security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org

--- Please enter the report below this line. ---

I believe the version of this package for Debian 7 installations ("OldStable") is *critically* out of date and still has the CVEs that have been addressed by later versions 1:3.6.1 in "Stable" or 1:3.7 "Testing" and "Unstable".

Whilst I appreciate that "Wheezy" is long in the tooth, it still should be getting security updates for a little while longer!

For the record, backporting by hand-editing in the differences between 3.2 and 3.7 into the 3.2 version does seem to do the job - the diagnostic stuff below does not represent the exact state of a Wheezy system because I got fed up with the FireFox blacklisting of the old flashplayer version so manually installed it myself and dropped it into the "alternatives" system but other users of "OldStable" might not be so able to munge things themselves...

Regards

Stephen

--- System information. ---
Architecture: amd64
Kernel: Linux 3.16.0-0.bpo.4-amd64

Debian Release: 7.11
  500 wheezy-backports mozilla.debian.net
  500 stable apt.spideroak.com
  500 oldstable-updates mirror.sov.uk.goscomb.net
  500 oldstable-proposed-updates mirror.sov.uk.goscomb.net
  500 oldstable security.debian.org
  500 oldstable mirror.sov.uk.goscomb.net
  100 wheezy-backports mirror.sov.uk.goscomb.net
  100 wheezy-backports ftp.debian.org

--- Package information. ---
Depends (Version)              | Installed
==============================-+-===========
debconf                        | 1.5.49
 OR debconf-2.0                |
wget                           | 1.13.4-3+deb7u3
gnupg                          | 1.4.12-7+deb7u8
libatk1.0-0                    | 2.4.0-2
libcairo2                      | 1.12.2-3
libfontconfig1                 | 2.9.0-7.1+deb7u1
libfreetype6                   | 2.4.9-1.1+deb7u3
libgcc1                        | 1:4.7.2-5
libglib2.0-0                   | 2.33.12+really2.32.4-5
libgtk2.0-0 (>= 2.14)          | 2.24.10-2
libnspr4                       | 2:4.9.2-1+deb7u4
libnss3                        | 2:3.14.5-1+deb7u8
libpango1.0-0                  | 1.30.0-1
libstdc++6                     | 4.7.2-5
libx11-6                       | 2:1.5.0-1+deb7u2
libxext6                       | 2:1.3.1-2+deb7u1
libxt6                         | 1:1.1.3-1+deb7u1
libcurl3-gnutls                | 7.26.0-1+wheezy14
binutils                       | 2.22-8+deb7u3
ca-certificates                | 20130119+deb7u1

Package's Recommends field is empty.

Suggests (Version)                       | Installed
========================================-+-===========
iceweasel                                |
konqueror-nsplugins                      | 4:4.8.4-2
ttf-mscorefonts-installer                | 3.4+nmu1
ttf-dejavu                               | 2.33-3
ttf-xfree86-nonfree                      | 4.2.1-3.1
hal                                      | 0.5.14-8

--- Output from package bug script ---
Debian version: 7.11
Architecture: amd64
Package version: 1:3.2+wheezy1
Adobe Flash Player version: LNX 11,2,202,632
MD5 checksums:
29c85bc8504422120cf89702986ff8e1  /var/cache/flashplugin-nonfree/get-upstream-version.pl
160a01dd00527304e5291e65eb0c65e2  /var/cache/flashplugin-nonfree/get-upstream-version.pl.orig
ace1a0801f00a25fd90172f63e98e101  /var/cache/flashplugin-nonfree/install_flash_player_11_linux.x86_64.tar.gz
e3a1280f91b278b8832500f362d0546b  /var/cache/flashplugin-nonfree/libflashplayer-11.2.202.632.so
e3a1280f91b278b8832500f362d0546b  /var/cache/flashplugin-nonfree/libflashplayer.so
md5sum: /var/cache/flashplugin-nonfree/temp: Is a directory
e3a1280f91b278b8832500f362d0546b  /usr/lib/flashplugin-nonfree/libflashplayer.so
Alternatives:
flash-mozilla.so - auto mode
  link currently points to /usr/lib/flashplugin-nonfree/libflashplayer.so
/usr/lib/flashplugin-nonfree/libflashplayer-11.2.202.632.so - priority 20
/usr/lib/flashplugin-nonfree/libflashplayer.so - priority 50
Current 'best' version is '/usr/lib/flashplugin-nonfree/libflashplayer.so'.
lrwxrwxrwx 1 root root 34 Jul 30 14:52 /usr/lib/mozilla/plugins/flash-mozilla.so -> /etc/alternatives/flash-mozilla.so
/usr/lib/mozilla/plugins/flash-mozilla.so: symbolic link to /etc/alternatives/flash-mozilla.so