From turutani@scphys.kyoto-u.ac.jp  Fri Nov 11 14:12:56 2011
Return-Path: <turutani@scphys.kyoto-u.ac.jp>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A5645106566B
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 11 Nov 2011 14:12:56 +0000 (UTC)
	(envelope-from turutani@scphys.kyoto-u.ac.jp)
Received: from smtp-auth.kuins.kyoto-u.ac.jp (smtp-auth.kuins.kyoto-u.ac.jp [133.3.248.237])
	by mx1.freebsd.org (Postfix) with ESMTP id 3F2288FC0A
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 11 Nov 2011 14:12:56 +0000 (UTC)
Received: from smtp-auth.kuins.kyoto-u.ac.jp (smtp-auth.kuins.kyoto-u.ac.jp [127.0.0.1])
	by postfix.imss70 (Postfix) with ESMTP id 909622EC003;
	Fri, 11 Nov 2011 23:12:54 +0900 (JST)
Received: from h120.65.226.10.32118.vlan.kuins.net (wd232.BFL23.vectant.ne.jp [210.131.195.232])
	by smtp-auth.kuins.kyoto-u.ac.jp (Postfix) with ESMTP id 5C48A2EC001;
	Fri, 11 Nov 2011 23:12:54 +0900 (JST)
Received: from h120.65.226.10.32118.vlan.kuins.net (localhost [127.0.0.1])
	by h120.65.226.10.32118.vlan.kuins.net (8.14.4/8.14.4/20071004-1) with ESMTP id pABEBlA8007757;
	Fri, 11 Nov 2011 23:11:47 +0900 (JST)
	(envelope-from turutani@h120.65.226.10.32118.vlan.kuins.net)
Received: (from turutani@localhost)
	by h120.65.226.10.32118.vlan.kuins.net (8.14.4/8.14.4/Submit) id pABEBkmW007756;
	Fri, 11 Nov 2011 23:11:46 +0900 (JST)
	(envelope-from turutani)
Message-Id: <201111111411.pABEBkmW007756@h120.65.226.10.32118.vlan.kuins.net>
Date: Fri, 11 Nov 2011 23:11:46 +0900 (JST)
From: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Reply-To: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
To: FreeBSD-gnats-submit@freebsd.org
Cc: turutani@scphys.kyoto-u.ac.jp
Subject: www/linux-f10-flashplugin11 is vulnerable
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         162476
>Category:       ports
>Synopsis:       www/linux-f10-flashplugin11 is vulnerable
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    emulation
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Nov 11 14:20:01 UTC 2011
>Closed-Date:    Sat Nov 12 15:38:41 UTC 2011
>Last-Modified:  Sat Nov 12 15:40:07 UTC 2011
>Originator:     Tsurutani Naoki
>Release:        FreeBSD 8.2-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD h120.65.226.10.32118.vlan.kuins.net 8.2-PRERELEASE FreeBSD 8.2-PRERELEASE #25: Mon Jan 24 10:37:18 JST 2011 turutani@h120.65.226.10.32118.vlan.kuins.net:/usr/local/work/usr/obj/usr/src/sys/POLYMER i386


	
>Description:
	www/linux-f10-flashplugin11 is vulnerable.
	ref: http://www.adobe.com/support/security/bulletins/apsb11-28.html
	
>How-To-Repeat:
	
>Fix:
	new version of linux-f10-flashplugin11 is available.
	here is a patch to ports:

--- Makefile.orig	2011-11-04 04:01:24.000000000 +0900
+++ Makefile	2011-11-11 23:00:12.000000000 +0900
@@ -7,9 +7,9 @@
 #
 
 PORTNAME=	flashplugin
-PORTVERSION=	11.0r1.152
+PORTVERSION=	11.1r102.55
 CATEGORIES=	www multimedia linux
-MASTER_SITES=	http://fpdownload.macromedia.com/get/flashplayer/current/:plugin \
+MASTER_SITES=	http://fpdownload.macromedia.com/get/flashplayer/pdc/${PORTVERSION:C/r/\./}/:plugin \
 		ftp://ftp.ipt.ru/pub/download/:suplib \
 		LOCAL/nox:suplib
 PKGNAMEPREFIX=	linux-f10-
--- distinfo.orig	2011-10-05 08:11:17.000000000 +0900
+++ distinfo	2011-11-11 23:02:43.000000000 +0900
@@ -1,4 +1,4 @@
-SHA256 (flashplugin/11.0r1.152/install_flash_player_11_linux.i386.tar.gz) = 3532ee49eda0845597084a805e11985f9fd9c5f7b5b72f592ceb18529da918c1
-SIZE (flashplugin/11.0r1.152/install_flash_player_11_linux.i386.tar.gz) = 6742944
-SHA256 (flashplugin/11.0r1.152/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
-SIZE (flashplugin/11.0r1.152/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
+SHA256 (flashplugin/11.1r102.55/install_flash_player_11_linux.i386.tar.gz) = 678e2270cb12821b3685af22428e1122b2d130bc8f12ecc714d3636a00b5ed23
+SIZE (flashplugin/11.1r102.55/install_flash_player_11_linux.i386.tar.gz) = 6748255
+SHA256 (flashplugin/11.1r102.55/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
+SIZE (flashplugin/11.1r102.55/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
	


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->emulation 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Fri Nov 11 14:20:11 UTC 2011 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=162476 
State-Changed-From-To: open->closed 
State-Changed-By: eadler 
State-Changed-When: Sat Nov 12 15:38:40 UTC 2011 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=162476 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/162476: commit references a PR
Date: Sat, 12 Nov 2011 15:35:22 +0000 (UTC)

 eadler      2011-11-12 15:35:14 UTC
 
   FreeBSD ports repository
 
   Modified files:
     www/linux-f10-flashplugin11 Makefile distinfo 
   Log:
   - update flash11 to 11.1r102.55
   
   PR:             ports/162476
   Submitted by:   Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
   Security:       CVE-2011-445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456, CVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2458
   Feature safe:   yes
   
   Revision  Changes    Path
   1.29      +3 -3      ports/www/linux-f10-flashplugin11/Makefile
   1.23      +4 -4      ports/www/linux-f10-flashplugin11/distinfo
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
