Hi Dag Wieers! On 2011.10.07 at 01:34:38 +0200, Dag Wieers wrote next:
> >Evidently, a number of stock end-user applications, such as > >Firefox, Thunderbird, and the like, have security holes as well as > >bugs, and thus need regularly kept current. > > Do you have any proof of security problems ? Was there a security > advisory for this release ? It's not as simple as that. There was no supported version of 64-bit flash 10 plugin. Information about security problems in betas and RCs of flash plugins aren't displayed on that page that you saw - it does, however, appear in news from adobe and in adobe blogs; but they don't add them to list of problems in final releases. There *were* various security problems in 64-bit betas and RCs of flash plugin, and it got some updates, but they merely aren't listed on that page because of adobe policy regarding betas. Now, for 32-bit users there always was "latest stable flash 10", which, as you noted correctly, doesn't seem to have any security problems. These people can live just fine for now without updating to flash 11. But 64-bit users of flash plugin had only beta which had known security problems - they were fixed from time to time as new betas and rcs were released, and all known problems were fixed by the time of final flash 11 release. For 64-bit users, "official" tracking of security problems starts only now, with flash 11 release. All 64-bit users should update to final flash 11 ASAP, and the fact that there are no problems listed on that page only means that beta problems weren't tracked there - there *ARE* known security problems with flash 11 series. Here is example of security vulnerabilities fixed during course of flash 11 beta/rc releases: http://kb2.adobe.com/cps/916/cpsid_91694.html you check check out some security bulletins from this link. Btw, 64-bit flash 10 plugin was even in more sorry state: there were lot of known security problems for it, but adobe stopped developing it and latest known (beta) version was said to be very vulnerable. -- Vladimir
