On Tue, 2007-10-23 at 14:43 +0100, Sam Morris wrote: > What happened to the updated version of this package for etch?
See: http://ftp.debian.org/debian/dists/stable-proposed-updates/flashplugin-nonfree_9.0.48.0.1etch1_i386.changes http://ftp.debian.org/debian/pool/contrib/f/flashplugin-nonfree/ > Our users > are still stuck on 9.0.31 which is vulnerable to CVE-2007-3456 ('Integer > overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote > attackers to execute arbitrary code via a large length value for a (1) > Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF > file, related to an "input validation error," including a signed > comparison of values that are assumed to be non-negative.'). > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
