Your message dated Thu, 17 Jun 2010 17:02:28 +0000
with message-id <e1opiu0-0007qe...@ries.debian.org>
and subject line Bug#585408: fixed in flashplugin-nonfree 1:2.8.1
has caused the Debian Bug report #585408,
regarding Adobe Flash Player: APSB10-14 - the 64 bit player is insecure
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
585408: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585408
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: flashplugin-nonfree
Version: 1:2.8
Severity: grave
Tags: security
Justification: user security hole
As described at
<http://www.adobe.com/support/security/advisories/apsa10-01.html>,
A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and
earlier versions for Windows, Macintosh, Linux and Solaris operating
systems, and the authplay.dll component that ships with Adobe Reader and
Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This
vulnerability (CVE-2010-1297) could cause a crash and potentially allow
an attacker to take control of the affected system. There are reports
that this vulnerability is being actively exploited in the wild against
both Adobe Flash Player, and Adobe Reader and Acrobat.
This is CVE-2010-1297 and APSA10-01.
-- Package-specific info:
Debian version: squeeze/sid
Architecture: amd64
Package version: 1:2.8
Adobe Flash Player version: LNX 10,0,45,2
MD5 checksums:
4a4561e456612a6751653b58342d53df
/var/cache/flashplugin-nonfree/libflashplayer-10.0.45.2.linux-x86_64.so.tar.gz
57fb976761aac898897e96101ee1a4e0
/usr/lib/flashplugin-nonfree/libflashplayer.so
Alternatives:
flash-mozilla.so - auto mode
link currently points to
/usr/lib/flashplugin-nonfree/libflashplayer.so
/usr/lib/flashplugin-nonfree/libflashplayer.so - priority 50
/usr/lib/gnash/libgnashplugin.so - priority 10
Current 'best' version is
'/usr/lib/flashplugin-nonfree/libflashplayer.so'.
lrwxrwxrwx 1 root root 34 Mar 2 15:42
/usr/lib/mozilla/plugins/flash-mozilla.so -> /etc/alternatives/flash-mozilla.so
/usr/lib/mozilla/plugins/flash-mozilla.so: symbolic link to
`/etc/alternatives/flash-mozilla.so'
Libraries used by libflashplayer.so:
linux-vdso.so.1 => (0x00007fff619ff000)
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00007f079e0d6000)
libpthread.so.0 => /lib/libpthread.so.0 (0x00007f079deba000)
libX11.so.6 => /usr/lib/libX11.so.6 (0x00007f079db7d000)
libXext.so.6 => /usr/lib/libXext.so.6 (0x00007f079d96b000)
libXt.so.6 => /usr/lib/libXt.so.6 (0x00007f079d707000)
libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0x00007f079d47f000)
libfontconfig.so.1 => /usr/lib/libfontconfig.so.1 (0x00007f079d24a000)
libgtk-x11-2.0.so.0 => /usr/lib/libgtk-x11-2.0.so.0 (0x00007f079cc2a000)
libgdk-x11-2.0.so.0 => /usr/lib/libgdk-x11-2.0.so.0 (0x00007f079c97c000)
libatk-1.0.so.0 => /usr/lib/libatk-1.0.so.0 (0x00007f079c75b000)
libgdk_pixbuf-2.0.so.0 => /usr/lib/libgdk_pixbuf-2.0.so.0
(0x00007f079c53f000)
libpangocairo-1.0.so.0 => /usr/lib/libpangocairo-1.0.so.0
(0x00007f079c332000)
libpango-1.0.so.0 => /usr/lib/libpango-1.0.so.0 (0x00007f079c0e6000)
libcairo.so.2 => /usr/lib/libcairo.so.2 (0x00007f079be69000)
libgobject-2.0.so.0 => /usr/lib/libgobject-2.0.so.0 (0x00007f079bc21000)
libgmodule-2.0.so.0 => /usr/lib/libgmodule-2.0.so.0 (0x00007f079ba1e000)
libdl.so.2 => /lib/libdl.so.2 (0x00007f079b81a000)
libglib-2.0.so.0 => /lib/libglib-2.0.so.0 (0x00007f079b53d000)
libnss3.so => /usr/lib/libnss3.so (0x00007f079b23a000)
libsmime3.so => /usr/lib/libsmime3.so (0x00007f079b014000)
libssl3.so => /usr/lib/libssl3.so (0x00007f079ade3000)
libplds4.so => /usr/lib/libplds4.so (0x00007f079abe0000)
libplc4.so => /usr/lib/libplc4.so (0x00007f079a9dc000)
libnspr4.so => /usr/lib/libnspr4.so (0x00007f079a79e000)
libm.so.6 => /lib/libm.so.6 (0x00007f079a51c000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00007f079a306000)
libc.so.6 => /lib/libc.so.6 (0x00007f0799fb1000)
/lib64/ld-linux-x86-64.so.2 (0x00007f07a300f000)
libxcb.so.1 => /usr/lib/libxcb.so.1 (0x00007f0799d95000)
libSM.so.6 => /usr/lib/libSM.so.6 (0x00007f0799b8d000)
libICE.so.6 => /usr/lib/libICE.so.6 (0x00007f0799971000)
libz.so.1 => /usr/lib/libz.so.1 (0x00007f079975a000)
libexpat.so.1 => /usr/lib/libexpat.so.1 (0x00007f0799532000)
libXcomposite.so.1 => /usr/lib/libXcomposite.so.1 (0x00007f079932f000)
libXdamage.so.1 => /usr/lib/libXdamage.so.1 (0x00007f079912d000)
libXfixes.so.3 => /usr/lib/libXfixes.so.3 (0x00007f0798f28000)
libgio-2.0.so.0 => /usr/lib/libgio-2.0.so.0 (0x00007f0798c75000)
libpangoft2-1.0.so.0 => /usr/lib/libpangoft2-1.0.so.0
(0x00007f0798a4c000)
libgthread-2.0.so.0 => /usr/lib/libgthread-2.0.so.0 (0x00007f0798848000)
librt.so.1 => /lib/librt.so.1 (0x00007f079863f000)
libXrender.so.1 => /usr/lib/libXrender.so.1 (0x00007f0798435000)
libXinerama.so.1 => /usr/lib/libXinerama.so.1 (0x00007f0798233000)
libXi.so.6 => /usr/lib/libXi.so.6 (0x00007f0798023000)
libXrandr.so.2 => /usr/lib/libXrandr.so.2 (0x00007f0797e1b000)
libXcursor.so.1 => /usr/lib/libXcursor.so.1 (0x00007f0797c11000)
libpixman-1.so.0 => /usr/lib/libpixman-1.so.0 (0x00007f07979b8000)
libpng12.so.0 => /lib/libpng12.so.0 (0x00007f0797792000)
libxcb-render-util.so.0 => /usr/lib/libxcb-render-util.so.0
(0x00007f079758e000)
libxcb-render.so.0 => /usr/lib/libxcb-render.so.0 (0x00007f0797386000)
libpcre.so.3 => /lib/libpcre.so.3 (0x00007f0797157000)
libnssutil3.so.1d => /usr/lib/libnssutil3.so.1d (0x00007f0796f3a000)
libXau.so.6 => /usr/lib/libXau.so.6 (0x00007f0796d37000)
libXdmcp.so.6 => /usr/lib/libXdmcp.so.6 (0x00007f0796b31000)
libuuid.so.1 => /lib/libuuid.so.1 (0x00007f079692d000)
libresolv.so.2 => /lib/libresolv.so.2 (0x00007f0796716000)
libselinux.so.1 => /lib/libselinux.so.1 (0x00007f07964f8000)
Packages containing libraries used by libflashplayer.so:
dpkg: /lib64/ld-linux-x86-64.so.2 not found.
libatk1.0-0 1.30.0-1
libc6 2.10.2-9
libcairo2 1.8.10-4
libexpat1 2.0.1-7
libfontconfig1 2.8.0-2.1
libfreetype6 2.3.11-1
libgcc1 1:4.4.4-1
libglib2.0-0 2.24.1-1
libgtk2.0-0 2.20.1-1
libice6 2:1.0.6-1
libnspr4-0d 4.8.4-1
libnss3-1d 3.12.6-2
libpango1.0-0 1.28.0-1
libpcre3 7.8-3
libpixman-1-0 0.16.4-1
libpng12-0 1.2.43-1
libselinux1 2.0.94-1
libsm6 2:1.1.1-1
libstdc++6 4.4.4-1
libuuid1 2.16.2-0
libx11-6 2:1.3.3-3
libxau6 1:1.0.5-2
libxcb-render-util0 0.3.6-1
libxcb-render0 1.6-1
libxcb1 1.6-1
libxcomposite1 1:0.4.1-1
libxcursor1 1:1.1.10-2
libxdamage1 1:1.1.2-1
libxdmcp6 1:1.0.3-2
libxext6 2:1.1.1-3
libxfixes3 1:4.0.4-2
libxi6 2:1.3-4
libxinerama1 2:1.1-3
libxrandr2 2:1.3.0-3
libxrender1 1:0.9.5-2
libxt6 1:1.0.7-1
zlib1g 1:1.2.3.4.dfsg-3
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (530, 'testing'), (520, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages flashplugin-nonfree depends on:
ii debconf [debconf-2.0] 1.5.32 Debian configuration management sy
ii gnupg 1.4.10-4 GNU privacy guard - a free PGP rep
ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii libcairo2 1.8.10-4 The Cairo 2D vector graphics libra
ii libcurl3-gnutls 7.20.1-2 Multi-protocol file transfer libra
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libfreetype6 2.3.11-1 FreeType 2 font engine, shared lib
ii libgcc1 1:4.4.4-1 GCC support library
ii libglib2.0-0 2.24.1-1 The GLib library of C routines
ii libgtk2.0-0 2.20.1-1 The GTK+ graphical user interface
ii libnspr4-0d 4.8.4-1 NetScape Portable Runtime Library
ii libnss3-1d 3.12.6-2 Network Security Service libraries
ii libpango1.0-0 1.28.0-1 Layout and rendering of internatio
ii libstdc++6 4.4.4-1 The GNU Standard C++ Library v3
ii libx11-6 2:1.3.3-3 X11 client-side library
ii libxext6 2:1.1.1-3 X11 miscellaneous extension librar
ii libxt6 1:1.0.7-1 X11 toolkit intrinsics library
ii wget 1.12-2 retrieves files from the web
flashplugin-nonfree recommends no packages.
Versions of packages flashplugin-nonfree suggests:
pn flashplugin-nonfree-extrasoun <none> (no description available)
ii iceweasel 3.5.9-3 Web browser based on Firefox
pn konqueror-nsplugins <none> (no description available)
pn msttcorefonts <none> (no description available)
ii ttf-dejavu 2.30-2 Metapackage to pull in ttf-dejavu-
pn ttf-xfree86-nonfree <none> (no description available)
ii x-ttcidfont-conf 32 TrueType and CID fonts configurati
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: flashplugin-nonfree
Source-Version: 1:2.8.1
We believe that the bug you reported is fixed in the latest version of
flashplugin-nonfree, which is due to be installed in the Debian FTP archive:
flashplugin-nonfree_2.8.1.dsc
to contrib/f/flashplugin-nonfree/flashplugin-nonfree_2.8.1.dsc
flashplugin-nonfree_2.8.1.tar.gz
to contrib/f/flashplugin-nonfree/flashplugin-nonfree_2.8.1.tar.gz
flashplugin-nonfree_2.8.1_amd64.deb
to contrib/f/flashplugin-nonfree/flashplugin-nonfree_2.8.1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 585...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bart Martens <ba...@debian.org> (supplier of updated flashplugin-nonfree
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 17 Jun 2010 18:13:27 +0200
Source: flashplugin-nonfree
Binary: flashplugin-nonfree
Architecture: source amd64
Version: 1:2.8.1
Distribution: unstable
Urgency: low
Maintainer: Bart Martens <ba...@debian.org>
Changed-By: Bart Martens <ba...@debian.org>
Description:
flashplugin-nonfree - Adobe Flash Player - browser plugin
Closes: 585408
Changes:
flashplugin-nonfree (1:2.8.1) unstable; urgency=low
.
* Added message "64 bit player temporarily not supported". Closes: #585408.
* Point to http://wiki.debian.org/FlashPlayer in error messages.
Checksums-Sha1:
28c34bd4a3304e77ca2d6924780341dc74615e16 1450 flashplugin-nonfree_2.8.1.dsc
99c66bbb5d0be459e0b6d36b2d6f7c13d78633c6 17036 flashplugin-nonfree_2.8.1.tar.gz
a9d4f68ac74bff37e60b858f45da35910e933778 18024
flashplugin-nonfree_2.8.1_amd64.deb
Checksums-Sha256:
1d3c4eddc59fe2e79a25c045d0337d8def3ade97e8256bbc71b340433be98ab1 1450
flashplugin-nonfree_2.8.1.dsc
139996b7986ed3f162a323fe7edbba159afee8b685b6cba37a97455532a7bbcf 17036
flashplugin-nonfree_2.8.1.tar.gz
f3ea39f4d0e29c519c9ea89976d264b7a970b837ce8444a33450f0bbb2022e66 18024
flashplugin-nonfree_2.8.1_amd64.deb
Files:
6b09b1bf68825f6234770e802afa5351 1450 contrib/web optional
flashplugin-nonfree_2.8.1.dsc
6e2640cccfe2b4adf81d024ab5622493 17036 contrib/web optional
flashplugin-nonfree_2.8.1.tar.gz
f2ab292674e73eddacd691d8e59083f9 18024 contrib/web optional
flashplugin-nonfree_2.8.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQIcBAEBCAAGBQJMGlPxAAoJEDNV9NY7WCHMcmsP/2HlHCys3z6oHLO10MuXOV1/
T7TQsrLTawqQnXDtXNHzKF45IpI6RRd7yrZLF1PJMSUTHQc2UUjbYygIA7rAzJCH
x4L0ReDIWyrJM6WTcigwR058de2bBJPk1q1DxUE2jAYguLZKXK9j9RlJ/7IBl185
hiAAwqtdwJePlk7P5d1wAVa8esvQUWnVc/0wHZnb6QMeVLZjMZE1eBRQ3He573jy
rIq7TiXgh3YAmOtMnqGPLpj7WPSePmi9iMMNFruLIMrSJSyPVIRsxQuUcGTuR6GQ
AF9Hz9SBaTL3j8bH/FUHhSlcebW/Jp1e5BfS7dduiPaHA7kKO6T42cAL2Qrhk+Mw
/qmTfZUyYd49pbVxnlA9U0vbh6Db28EIcp5Dq+ofy+8WA4Bs03IGq+aYWBerJU92
vA0y3ko9u5A8lZ937QzLap67Y7pf+usEpxCosqc88xPqojGvuk1cng/Dbm1zVGxH
WpjXxbSRtbhEd7O5RqIoeYx0/dKQbS3djHARAyTtXAafDAJRz1Do28G74eXApbqZ
3qz2tXVmH/mN2uhEv9s3r/QKKdpgkzRKm2rhVVpCH0+T+WmYG3X04FV29dttfn1D
n8IFLQ3qcka8ww75hGy/9QosACCbkJImIQ/TgqWke9iudS3isxgmS7S8A+R7DLY2
nryN9sLH3aWl3UmwGHt0
=EKk/
-----END PGP SIGNATURE-----
--- End Message ---
