-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The 64 bit version I installed an hour or so ago from the Adobe yum repo is: flash-plugin-11.0.1.152-release.x86_64
Dag Wieers wrote: | On Thu, 6 Oct 2011, Yasha Karant wrote: | |> On 10/06/2011 04:37 PM, Dag Wieers wrote: |>> On Thu, 6 Oct 2011, Yasha Karant wrote: |>> |>> > I realise that except for the Fermilab/CERN staff persons, almost all |>> > of the rest of those maintaining material for SL are unpaid |>> > volunteers. With that stated, what is the |>> > typical/average/median/whatever delay from the Adobe release until |>> the |>> > SL compatible port for the flash plugin? |>> > > In some cases, Adobe adds functionality -- but in most cases it |>> is a |>> > matter of bug and security-hole fixes -- and the sooner one |>> installs a |>> > valid security fix, the better. |>> |>> Do you have proof that this is a security fix. Because I track the RHEL |>> packages and no such update has come through their channels. It |>> seems as |>> if the release was simply their official Flash Player 11 release, |>> rather |>> than a security fix. |>> |>> If it is a security fix, even Red Hat is behind. Somehow I don't |>> believe |>> that, but for you to provide proof of what you state. Thanks. |> |> I use the direct Mozilla (and OpenOffice) distributions and updates. |> For Firefox 7.x (that the Firefox update on Help --> About Firefox |> reports as up to date), I ran an update check on the addons, including |> plugins using Tools --> Add ons and URL |> https://www.mozilla.org/en-US/plugincheck/ and the following was |> displayed: |> |> Vulnerable plugins: |> Plugin Icon |> Shockwave Flash |> Shockwave Flash 11.0 r1 Vulnerable (more info) |> |> (11.0.1.129 is what actually is installed) | | Again, without any information it is hard to determine whether the | plugincheck is mainly checking the version against the latest (known) | available, or whether it actually knows about vulnerabilities. | | I bet the first option is what is implemented (because the second adds | complexity without any real gain). Their aim is to have people running | the latest. | | ALso, if we look at TUV, they still offer | flash-plugin-10.3.183.10-1.el6, which is most likely not vulnerable (and | which was the version offered by Repoforge until this morning too). In | other words, we are now disconnected from the RHSA information. | | If you noticed a flash-plugin update from Adobe, feel free to let us | know so we can update our flash-plugin package too. | | Thanks in advance, - -- Robert E. Blair, Room C221, Building 360 Argonne National Laboratory (High Energy Physics Division) 9700 South Cass Avenue, Argonne, IL 60439, USA Phone: (630)-252-7545 FAX: (630)-252-5782 GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFOjqn/OMIGC6x7/XQRAhFvAJ9QBWWochI/ODbT+jfTvfM8YpxjLwCgrOxG qdBTZXJirs0EQgmSn2XL/Eg= =gp6S -----END PGP SIGNATURE-----
<<attachment: reb.vcf>>
smime.p7s
Description: S/MIME Cryptographic Signature
