On 2011/10/07 00:12, Dag Wieers wrote:
On Thu, 6 Oct 2011, Yasha Karant wrote:

On 10/06/2011 04:37 PM, Dag Wieers wrote:
On Thu, 6 Oct 2011, Yasha Karant wrote:

> I realise that except for the Fermilab/CERN staff persons, almost all
> of the rest of those maintaining material for SL are unpaid
> volunteers. With that stated, what is the
> typical/average/median/whatever delay from the Adobe release until the
> SL compatible port for the flash plugin?
>
> In some cases, Adobe adds functionality -- but in most cases it is a
> matter of bug and security-hole fixes -- and the sooner one installs a
> valid security fix, the better.

Do you have proof that this is a security fix? Because I track the RHEL
packages and no such update has come through their channels. It seems as
if the release was simply their official Flash Player 11 release, rather
than a security fix.

If it is a security fix, even Red Hat is behind. Somehow I don't believe
that, but it is for you to provide proof of what you state. Thanks.

I use the direct Mozilla (and OpenOffice) distributions and updates. For
Firefox 7.x (that the Firefox update on Help --> About Firefox reports as up
to date), I ran an update check on the addons, including plugins using Tools
--> Add ons and URL https://www.mozilla.org/en-US/plugincheck/ and the
following was displayed:

Vulnerable plugins:
Plugin Icon
Shockwave Flash
Shockwave Flash 11.0 r1 Vulnerable (more info)

(11.0.1.129 is what actually is installed)

Again, without any information it is hard to determine whether the plugincheck
is mainly checking the version against the latest (known) available, or whether
it actually knows about vulnerabilities.

I bet the first option is what is implemented (because the second adds
complexity without any real gain). Their aim is to have people running the 
latest.

Also, if we look at TUV, they still offer flash-plugin-10.3.183.10-1.el6, which
is most likely not vulnerable (and which was the version offered by Repoforge
until this morning too). In other words, we are now disconnected from the RHSA
information.

If you noticed a flash-plugin update from Adobe, feel free to let us know so we
can update our flash-plugin package too.

In that vein it seems "odd" to me that a 32 bit package would be accepted as an
update for a 64 bit package. This seems to me to be a bug.

{^_^}
