Page MenuHomeFreeBSD
Differential D831

Fix multiple vulns in Flash.
ClosedPublic
Actions

Authored by xmj on Sep 25 2014, 1:56 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Nov 9, 2:43 PM
Unknown Object (File)
Oct 2 2024, 1:24 PM
Unknown Object (File)
Sep 22 2024, 7:36 PM
Unknown Object (File)
Sep 6 2024, 4:23 AM
Unknown Object (File)
Sep 6 2024, 4:23 AM
Unknown Object (File)
Sep 6 2024, 4:23 AM
Unknown Object (File)
Sep 6 2024, 4:14 AM
Unknown Object (File)
Sep 6 2024, 12:09 AM
View All Files
Subscribers
None

Details

Reviewers
swills
koobs
bdrewery
Summary

As reported by Adobe, current flashplugin
linux-*-flashplugin-11.2r202.400 is vulnerable to multiple CVEs.
Update Flash to linux-*-flashplugin-11.2r202.406.

While there, set maintainer to emulation@ on www/linux-c6-flashplugin11
to match eadler@'s commit in revision r369160.

Patch to security/vuxml/vuln.xml can't be attached with arc diff it seems.
Here goes:
https://dpaste.de/sGdH/raw

Commitmessage:

www/linux-*-flashplugin11: Fix multiple security vulnerabilities

Adobe has discovered multiple security vulnerabilities in Flash
linux-*-flashplugin-11.2r202.400. Ugrade the two Linux ports to
version .406, which fixes these.

While there, assign www/linux-c6-flashplugin11 to emulation@
in order to match r369160.

PR: 		193904
Submitted by:	Jung-uk Kim 
Reviewed by:  bdrewery
Approved by:  koobs (mentor)
Test Plan

builds cleanly in poudriere 11amd64
http://xmj.me/freebsd/buildlogs/flashplugin-11.2r202.406.log
http://xmj.me/freebsd/buildlogs/linux-c6-flashplugin-11.2r202.406.log

Diff Detail

Repository
rP FreeBSD ports repository
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

xmj updated this revision to Diff 1755.Sep 25 2014, 1:56 AM
xmj retitled this revision from to Fix multiple vulns in Flash..
xmj updated this object.
xmj edited the test plan for this revision. (Show Details)
xmj added reviewers: koobs, swills, bdrewery.
xmj added a comment.Sep 25 2014, 2:29 AM

@bdrewery points out wildcarding packages in vuln.xml is not the way to go, and that they want to be listed explicitly like

https://dpaste.de/82Kh/raw

xmj added a comment.Sep 25 2014, 9:30 AM

After vuln.xml was amended to account for chromium and nss vulns,
new paste attached here: https://dpaste.de/zi4a/raw

koobs requested changes to this revision.Sep 25 2014, 9:30 AM
koobs edited edge metadata.

Add to commit log:

  • Security: ca44b64c-4453-11e4-9ea1-c485083ca99c
  • MFH: <branch>

Since CVE's are involved:

  • CPE_* information must be added
This revision now requires changes to proceed.Sep 25 2014, 9:30 AM
xmj updated this revision to Diff 1760.Sep 25 2014, 10:02 AM
xmj edited edge metadata.

Add CPE_VENDOR and CPE_PRODUCT as per
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0551

www/linux-*-flashplugin11: Fix multiple security vulnerabilities

Adobe has discovered multiple security vulnerabilities in Flash
linux-*-flashplugin-11.2r202.400. Ugrade the two Linux ports to
version .406, which fixes these.

While there, assign www/linux-c6-flashplugin11 to emulation@
in order to match r369160.

PR:           193904
Submitted by: Jung-uk Kim 
Approved by:  koobs (mentor)
Security:     ca44b64c-4453-11e4-9ea1-c485083ca99c
MFH:          2014Q3
koobs accepted this revision.Sep 25 2014, 10:33 AM
koobs edited edge metadata.

Looks good with the following clarification requested in commit log re maintainer change:

While here:

 - Merge in eadler@'s MAINTAINER change from r369160 [1]

[1] https://svnweb.freebsd.org/changeset/ports/369160
This revision is now accepted and ready to land.Sep 25 2014, 10:33 AM
xmj added a comment.Sep 29 2014, 11:19 AM

Landed as 369267
f10 bits MFH'd to 2014Q3 as 369304

xmj closed this revision.Sep 29 2014, 11:20 AM

Revision Contents
Changeset List

PathSize
www/
linux-c6-flashplugin11/
9 lines
8 lines
linux-f10-flashplugin11/
7 lines
8 lines

Diff 1760

View Options

www/linux-c6-flashplugin11/Makefile

Loading...
View Options

www/linux-c6-flashplugin11/distinfo

Loading...
View Options

www/linux-f10-flashplugin11/Makefile

Loading...
View Options

www/linux-f10-flashplugin11/distinfo

Loading...