Your message dated Wed, 09 Apr 2008 21:29:26 +0200
with message-id <[EMAIL PROTECTED]>
and subject line flashplugin-nonfree: Fails to install latest Adobe security
update (9.0.124.0)
has caused the Debian Bug report #475129,
regarding flashplugin-nonfree: Fails to install latest Adobe security update
(9.0.124.0)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
475129: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475129
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: flashplugin-nonfree
Version: 1:1.4~bpo40+1
Severity: grave
Tags: security
Justification: user security hole
Adobe has released v9.0.124.0 which is supposed to provide fixes for
CVE-2007-5275
CVE-2007-6243
CVE-2007-6637
CVE-2007-6019
CVE-2007-0071
CVE-2008-1655
CVE-2008-1654
http://www.adobe.com/support/security/bulletins/apsb08-11.html
Please review the latest release and add the correct MD5 checksum for the
latest tarball, so that flashplugin-nonfree will be able to install it.
On a side note:
CVE-2007-6019 is the issue discovered by Shane Macaulay at CanSecWest 2008's
PWN2OWN. According to the vulnerability reporter, this issue was reported to
Adobe on 2008-02-07. The CVE, however, was (according to MITRE) assigned on
2007-11-19. Another reason not to use proprietary software?
More information:
http://www.zerodayinitiative.com/advisories/ZDI-08-021/
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (600, 'stable'), (500, 'proposed-updates')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.22-4-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Versions of packages flashplugin-nonfree depends on:
ii debconf [debconf-2.0] 1.5.11etch1 Debian configuration management sy
ii fontconfig 2.4.2-1.2 generic font configuration library
ii gnupg 1.4.6-2 GNU privacy guard - a free PGP rep
ii ia32-libs-gtk 2.1~bpo40+1 gtk+ ia32 shared libraries
ii lib32z1 1:1.2.3-13 compression library - 32 bit runti
ii nspluginwrapper 0.9.91.5-1~bpo40+1 A wrapper to run Netscape plugins
ii wget 1.10.2-2 retrieves files from the web
flashplugin-nonfree recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Updated MD5 checksums.
http://people.debian.org/~bartm/flashplugin-nonfree/
--- End Message ---