-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The 64 bit version I installed an hour or so ago from the Adobe yum repo is:
flash-plugin-11.0.1.152-release.x86_64
Dag Wieers wrote:
| On Thu, 6 Oct 2011, Yasha Karant wrote:
|
|> On 10/06/2011 04:37 PM, Dag Wieers wrote:
|>> On Thu, 6 Oct 2011, Yasha Karant wrote:
|>>
|>> > I realise that except for the Fermilab/CERN staff persons, almost all
|>> > of the rest of those maintaining material for SL are unpaid
|>> > volunteers. With that stated, what is the
|>> > typical/average/median/whatever delay from the Adobe release until
|>> the
|>> > SL compatible port for the flash plugin?
|>> > > In some cases, Adobe adds functionality -- but in most cases it
|>> is a
|>> > matter of bug and security-hole fixes -- and the sooner one
|>> installs a
|>> > valid security fix, the better.
|>>
|>> Do you have proof that this is a security fix. Because I track the RHEL
|>> packages and no such update has come through their channels. It
|>> seems as
|>> if the release was simply their official Flash Player 11 release,
|>> rather
|>> than a security fix.
|>>
|>> If it is a security fix, even Red Hat is behind. Somehow I don't
|>> believe
|>> that, but for you to provide proof of what you state. Thanks.
|>
|> I use the direct Mozilla (and OpenOffice) distributions and updates.
|> For Firefox 7.x (that the Firefox update on Help --> About Firefox
|> reports as up to date), I ran an update check on the addons, including
|> plugins using Tools --> Add ons and URL
|> https://www.mozilla.org/en-US/plugincheck/ and the following was
|> displayed:
|>
|> Vulnerable plugins:
|> Plugin Icon
|> Shockwave Flash
|> Shockwave Flash 11.0 r1 Vulnerable (more info)
|>
|> (11.0.1.129 is what actually is installed)
|
| Again, without any information it is hard to determine whether the
| plugincheck is mainly checking the version against the latest (known)
| available, or whether it actually knows about vulnerabilities.
|
| I bet the first option is what is implemented (because the second adds
| complexity without any real gain). Their aim is to have people running
| the latest.
|
| ALso, if we look at TUV, they still offer
| flash-plugin-10.3.183.10-1.el6, which is most likely not vulnerable (and
| which was the version offered by Repoforge until this morning too). In
| other words, we are now disconnected from the RHSA information.
|
| If you noticed a flash-plugin update from Adobe, feel free to let us
| know so we can update our flash-plugin package too.
|
| Thanks in advance,
- --
Robert E. Blair, Room C221, Building 360
Argonne National Laboratory (High Energy Physics Division)
9700 South Cass Avenue, Argonne, IL 60439, USA
Phone: (630)-252-7545 FAX: (630)-252-5782
GnuPG Public Key: http://www.hep.anl.gov/reb/key.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFOjqn/OMIGC6x7/XQRAhFvAJ9QBWWochI/ODbT+jfTvfM8YpxjLwCgrOxG
qdBTZXJirs0EQgmSn2XL/Eg=
=gp6S
-----END PGP SIGNATURE-----
|