Hi Dag Wieers!
On 2011.10.07 at 01:34:38 +0200, Dag Wieers wrote next:
> >Evidently, a number of stock end-user applications, such as
> >Firefox, Thunderbird, and the like, have security holes as well as
> >bugs, and thus need regularly kept current.
>
> Do you have any proof of security problems ? Was there a security
> advisory for this release ?
It's not as simple as that.
There was no supported version of 64-bit flash 10 plugin.
Information about security problems in betas and RCs of flash plugins
aren't displayed on that page that you saw - it does, however, appear in
news from adobe and in adobe blogs; but they don't add them to list of
problems in final releases.
There *were* various security problems in 64-bit betas and RCs of flash
plugin, and it got some updates, but they merely aren't listed on that
page because of adobe policy regarding betas.
Now, for 32-bit users there always was "latest stable flash 10", which,
as you noted correctly, doesn't seem to have any security problems.
These people can live just fine for now without updating to flash 11.
But 64-bit users of flash plugin had only beta which had known security
problems - they were fixed from time to time as new betas and rcs were
released, and all known problems were fixed by the time of final flash
11 release. For 64-bit users, "official" tracking of security problems
starts only now, with flash 11 release. All 64-bit users should update
to final flash 11 ASAP, and the fact that there are no problems listed
on that page only means that beta problems weren't tracked there - there
*ARE* known security problems with flash 11 series.
Here is example of security vulnerabilities fixed during course of flash
11 beta/rc releases: http://kb2.adobe.com/cps/916/cpsid_91694.html
you check check out some security bulletins from this link.
Btw, 64-bit flash 10 plugin was even in more sorry state: there were
lot of known security problems for it, but adobe stopped developing it
and latest known (beta) version was said to be very vulnerable.
--
Vladimir
|
