SCIENTIFIC-LINUX-USERS Archives

October 2011

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Date: Fri, 7 Oct 2011 00:24:54 -0700

On 2011/10/07 00:12, Dag Wieers wrote:
> On Thu, 6 Oct 2011, Yasha Karant wrote:
>
>> On 10/06/2011 04:37 PM, Dag Wieers wrote:
>>> On Thu, 6 Oct 2011, Yasha Karant wrote:
>>>
>>> > I realise that except for the Fermilab/CERN staff persons, almost all
>>> > of the rest of those maintaining material for SL are unpaid
>>> > volunteers. With that stated, what is the
>>> > typical/average/median/whatever delay from the Adobe release until the
>>> > SL compatible port for the flash plugin?
>>> >
>>> > In some cases, Adobe adds functionality -- but in most cases it is a
>>> > matter of bug and security-hole fixes -- and the sooner one installs a
>>> > valid security fix, the better.
>>>
>>> Do you have proof that this is a security fix? Because I track the RHEL
>>> packages and no such update has come through their channels. It seems as
>>> if the release was simply their official Flash Player 11 release, rather
>>> than a security fix.
>>>
>>> If it is a security fix, even Red Hat is behind. Somehow I don't believe
>>> that, but for you to provide proof of what you state. Thanks.
>>
>> I use the direct Mozilla (and OpenOffice) distributions and updates. For
>> Firefox 7.x (that the Firefox update on Help --> About Firefox reports as up
>> to date), I ran an update check on the addons, including plugins using Tools
>> --> Add ons and URL https://www.mozilla.org/en-US/plugincheck/ and the
>> following was displayed:
>>
>> Vulnerable plugins:
>> Plugin Icon
>> Shockwave Flash
>> Shockwave Flash 11.0 r1 Vulnerable (more info)
>>
>> (11.0.1.129 is what actually is installed)
>
> Again, without any information it is hard to determine whether the plugincheck
> is mainly checking the version against the latest (known) available, or whether
> it actually knows about vulnerabilities.
>
> I bet the first option is what is implemented (because the second adds
> complexity without any real gain). Their aim is to have people running the latest.
>
> Also, if we look at TUV, they still offer flash-plugin-10.3.183.10-1.el6, which
> is most likely not vulnerable (and which was the version offered by Repoforge
> until this morning too). In other words, we are now disconnected from the RHSA
> information.
>
> If you noticed a flash-plugin update from Adobe, feel free to let us know so we
> can update our flash-plugin package too.

In that vein it seems "odd" to me that a 32 bit package would be accepted as an
update for a 64 bit package. This seems to me to be a bug.

{^_^}
