Bug#623005: marked as done (Current flashplugin-nonfree situation is FFS)

Sat, 16 Apr 2011 10:03:16 -0700 

Your message dated Sat, 16 Apr 2011 17:00:57 +0000
with message-id <[email protected]>
and subject line closing
has caused the Debian Bug report #623005,
regarding Current flashplugin-nonfree situation is FFS
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
623005: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623005
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: flashplugin-nonfree
Version: 1:2.8.3
Severity: grave
Tags: security
Justification: user security hole


Hello,

the prop. flash-player is since a longer time out-of-date in Debian, speaking 
of:
  http://people.debian.org/~bartm/flashplugin-nonfree/

The plugin is "outdated" with many serious security holes, it is not binNMU- and
update-able.

Currently only update-flashplugin-nonfree updates the packaging (if you have
updated the binaries on people.d.o), because you want to verify the signatures
of the downloaded files, which is useless IMHO, because you have to download
it without any verification from adobe.com, so if your download is compromised
every other user will get the evil binaries.


-- Package-specific info:
Debian version: wheezy/sid
Architecture: amd64
Package version: 1:2.8.3
Adobe Flash Player version: LNX 10,3,162,29
MD5 checksums:
        49b55c7eb8044453e5f6f2e4b3cb4084  
/var/cache/flashplugin-nonfree/flashplayer10_2_p3_64bit_linux_111710.tar.gz
        338e954c02ba6776b6b8a908e6f96b5f  
/var/cache/flashplugin-nonfree/flashplayer_square_p1_64bit_linux_091510.tar.gz
        4777665a6149af11233d8a000b89ffb1  
/var/cache/flashplugin-nonfree/install_flash_player_10_linux.tar.gz
        a311fd97aa6c214f63dc089a20cf7a39  
/var/cache/flashplugin-nonfree/install_flash_player_9_linux.tar.gz
        492d98d25886afcaf18252334d4ac4e2  
/var/cache/flashplugin-nonfree/libflashplayer-10.0.22.87.linux-x86_64.so.tar.gz
        332e60275e9c7a92059f286a2bad6e41  
/var/cache/flashplugin-nonfree/libflashplayer-10.0.32.18.linux-x86_64.so.tar.gz
        8b427c2991c0447af56a951c653ee383  
/var/cache/flashplugin-nonfree/libflashplayer-10.0.42.34.linux-x86_64.so.tar.gz
        14c918ac5a9b9b680bdb37aedae40009  
/var/cache/flashplugin-nonfree/libflashplayer-10.0.d20.7.linux-x86_64.so.tar.gz
        c165af9d4e324bfaf6d1cfbdbe959fbb  
/var/cache/flashplugin-nonfree/libflashplayer-10.0.d21.1.linux-x86_64.so.tar.gz
        267bfdb38d14c9d96d0d04e273c3d961  
/usr/lib/flashplugin-nonfree/libflashplayer.so
Alternatives:
        flash-mozilla.so - auto mode
          link currently points to 
/usr/lib/flashplugin-nonfree/libflashplayer.so
        /usr/lib/flashplugin-nonfree/libflashplayer.so - priority 50
        Current 'best' version is 
'/usr/lib/flashplugin-nonfree/libflashplayer.so'.
        lrwxrwxrwx 1 root root 34 Dec 30 20:16 
/usr/lib/mozilla/plugins/flash-mozilla.so -> /etc/alternatives/flash-mozilla.so
        /usr/lib/mozilla/plugins/flash-mozilla.so: symbolic link to 
`/etc/alternatives/flash-mozilla.so'

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages flashplugin-nonfree depends on:
ii  debconf [debconf 1.5.38                  Debian configuration management sy
ii  gnupg            1.4.11-3                GNU privacy guard - a free PGP rep
ii  libatk1.0-0      2.0.0-1                 The ATK accessibility toolkit
ii  libcairo2        1.10.2-6                The Cairo 2D vector graphics libra
ii  libcurl3-gnutls  7.21.4-2                Multi-protocol file transfer libra
ii  libfontconfig1   2.8.0-2.1               generic font configuration library
ii  libfreetype6     2.4.4-1                 FreeType 2 font engine, shared lib
ii  libgcc1          1:4.6.0-2               GCC support library
ii  libglib2.0-0     2.28.6-1                The GLib library of C routines
ii  libgtk2.0-0      2.24.4-3                The GTK+ graphical user interface 
ii  libnspr4-0d      4.8.7-2                 NetScape Portable Runtime Library
ii  libnss3-1d       3.12.9.with.ckbi.1.82-1 Network Security Service libraries
ii  libpango1.0-0    1.28.3-6                Layout and rendering of internatio
ii  libstdc++6       4.6.0-2                 The GNU Standard C++ Library v3
ii  libx11-6         2:1.4.3-1               X11 client-side library
ii  libxext6         2:1.2.0-2               X11 miscellaneous extension librar
ii  libxt6           1:1.1.1-1               X11 toolkit intrinsics library
ii  wget             1.12-3                  retrieves files from the web

flashplugin-nonfree recommends no packages.

Versions of packages flashplugin-nonfree suggests:
pn  flashplugin-nonfree-extrasoun <none>     (no description available)
ii  iceweasel                     4.0-3      Web browser based on Firefox
pn  konqueror-nsplugins           <none>     (no description available)
ii  msttcorefonts                 2.7        transitional dummy package
ii  ttf-dejavu                    2.33-1     Metapackage to pull in ttf-dejavu-
ii  ttf-mscorefonts-installer [ms 3.3        Installer for Microsoft TrueType c
pn  ttf-xfree86-nonfree           <none>     (no description available)
pn  x-ttcidfont-conf              <none>     (no description available)

-- no debconf information

--- End Message ---
--- Begin Message --- 
The submitter agreed to close this bug.

--- End Message ---

Reply via email to