Package: flashplugin-nonfree
Version: 9.0.31.0.1
Severity: grave
Tags: security, etch, upstream, fixed-upstream
Justification: user security hole (and won't install)

Upstream for this package (Adobe) has released version 9.0.48 as a security update for version 9.0.31.

There is also an upstream security bulletin APSB07-12 at <http://www.adobe.com/support/security/bulletins/apsb07-12.html>; it cross references [CVE-2007-3456]. It also cross references two other CVE numbers which only affect versions not in stable (etch).

The upstream security update 9.0.48 has already been included in unstable, but is not included in stable.

oldstable (sarge) contains version 7 of this plugin which might not be affected by CVE-2007-3456 (the Adobe advisory is vague on this). oldstable is affected by CVE-2007-2002 though, see separate bug report.

Additional note: as reported in bug #432755, the package currently in stable (etch) does not install because Adobe has removed the vulnerable version from its download servers. Publishing 9.0.48 (or a backport of it) on security.debian.org should fix that too.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /basnxt32/bin/bash
Kernel: Linux 2.6.21jbj3.4-21
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)

Versions of packages flashplugin-nonfree depends on:
ii  debconf [debconf-2.0]  1.5.11          Debian configuration management sy
ii  fontconfig             2.4.2-1.2       generic font configuration library
ii  libatk1.0-0            1.12.4-3        The ATK accessibility toolkit
ii  libc6                  2.3.6.ds1-13    GNU C Library: Shared libraries
ii  libcairo2              1.2.4-4         The Cairo 2D vector graphics libra
ii  libexpat1              1.95.8-3.4      XML parsing C library - runtime li
ii  libfontconfig1         2.4.2-1.2       generic font configuration library
ii  libfreetype6           2.2.1-5         FreeType 2 font engine, shared lib
ii  libglib2.0-0           2.12.4-2        The GLib library of C routines
ii  libgtk2.0-0            2.8.20-7        The GTK+ graphical user interface
ii  libice6                1:1.0.1-2       X11 Inter-Client Exchange library
ii  libpango1.0-0          1.14.8-5        Layout and rendering of internatio
ii  libpng12-0             1.2.15~beta5-1  PNG library - runtime
ii  libsm6                 1:1.0.1-3       X11 Session Management library
ii  libx11-6               2:1.0.3-7       X11 client-side library
ii  libxau6                1:1.0.1-2       X11 authorisation library
ii  libxcursor1            1.1.7-4         X cursor management library
ii  libxdmcp6              1:1.0.1-2       X11 Display Manager Control Protoc
ii  libxext6               1:1.0.1-2       X11 miscellaneous extension librar
ii  libxfixes3             1:4.0.1-5       X11 miscellaneous 'fixes' extensio
ii  libxi6                 1:1.0.1-4       X11 Input extension library
ii  libxinerama1           1:1.0.1-4.1     X11 Xinerama extension library
ii  libxrandr2             2:1.1.0.2-5     X11 RandR extension library
ii  libxrender1            1:0.9.1-3       X Rendering Extension client libra
ii  libxt6                 1:1.0.2-2       X11 toolkit intrinsics library
ii  wget                   1.10.2-2        retrieves files from the web
ii  zlib1g                 1:1.2.3-13      compression library - runtime

Versions of packages flashplugin-nonfree recommends:
pn  xfs                    <none>          (no description available)

-- debconf information:
  flashplugin-nonfree/not_exist:
  flashplugin-nonfree/local:
  flashplugin-nonfree/httpget: false