Package: flashplugin-nonfree Version: 1:1.4~bpo40+1 Severity: grave Tags: security Justification: user security hole
Adobe has released v9.0.124.0 which is supposed to provide fixes for CVE-2007-5275 CVE-2007-6243 CVE-2007-6637 CVE-2007-6019 CVE-2007-0071 CVE-2008-1655 CVE-2008-1654 http://www.adobe.com/support/security/bulletins/apsb08-11.html Please review the latest release and add the correct MD5 checksum for the latest tarball, so that flashplugin-nonfree will be able to install it. On a side note: CVE-2007-6019 is the issue discovered by Shane Macaulay at CanSecWest 2008's PWN2OWN. According to the vulnerability reporter, this issue was reported to Adobe on 2008-02-07. The CVE, however, was (according to MITRE) assigned on 2007-11-19. Another reason not to use proprietary software? More information: http://www.zerodayinitiative.com/advisories/ZDI-08-021/ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019 -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (600, 'stable'), (500, 'proposed-updates') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.22-4-amd64 Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Versions of packages flashplugin-nonfree depends on: ii debconf [debconf-2.0] 1.5.11etch1 Debian configuration management sy ii fontconfig 2.4.2-1.2 generic font configuration library ii gnupg 1.4.6-2 GNU privacy guard - a free PGP rep ii ia32-libs-gtk 2.1~bpo40+1 gtk+ ia32 shared libraries ii lib32z1 1:1.2.3-13 compression library - 32 bit runti ii nspluginwrapper 0.9.91.5-1~bpo40+1 A wrapper to run Netscape plugins ii wget 1.10.2-2 retrieves files from the web flashplugin-nonfree recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]