Advisory:
============

Adobe Flash Player 11.2.202.285 contains fixes to critical security vulnerabilities found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335).

References:
http://www.adobe.com/support/security/bulletins/apsb13-14.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3335
============

Updated Flash Player 11.2.202.285 packages are in mga2 nonfree/updates_testing as flash-player-plugin (i586 and x86_64) and flash-player-plugin-kde (i586 and x86_64).
We shouldn't push this until it can be pushed for Mageia 3 also.
CC: (none) => luigiwalser
I'd suggest that, to get this included for release, we should count this bug as our first mga2 & mga3 validation and test the flash player in mga3 updates testing during our installations as well. It can then be pushed into both in the knowledge it's been checked. I'm happy to do so tomorrow (if Dave doesn't beat me to it); I've had to be elsewhere today.
Testing complete on Mageia 2 i586, x86_64, Mageia 3 i586 and x86_64 using http://www.youtube.com/watch?v=KaOC9danxNo

Could someone from the sysadmin team push the srpm flash-player-plugin-11.2.202.285-1.mga2.nonfree.src.rpm from Mageia 2 Nonfree Updates Testing to Nonfree Updates, and make an exception to push the srpm flash-player-plugin-11.2.202.285-1.mga3.nonfree.src.rpm from Mageia 3 Nonfree Updates Testing to Nonfree release, or delete it from Nonfree Updates Testing and submit it to Nonfree Release. Note that it is not included on any of the iso images.

Advisory:

Adobe Flash Player 11.2.202.285 contains fixes to critical security vulnerabilities found in earlier versions. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335).

References:
http://www.adobe.com/support/security/bulletins/apsb13-14.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3335
https://bugs.mageia.org/show_bug.cgi?id=10093
Keywords: (none) => validated_update
Whiteboard: (none) => MGA2-64-OK MGA2-32-OK MGA3-64-OK MGA3-32-OK
CC: (none) => davidwhodgins, sysadmin-bugs
Thanks Dave :)
Version: 2 => 3
Whiteboard: MGA2-64-OK MGA2-32-OK MGA3-64-OK MGA3-32-OK => MGA2TOO MGA2-64-OK MGA2-32-OK MGA3-64-OK MGA3-32-OK
MGA3-*-OK - how can this be OK? AFAIK Thomas will wipe updates_testing when we are releasing Mageia 3. Also AFAIK there are some packages in updates_testing that won't be released at all with Mageia 3. How do you know that packages in updates_testing don't depend on such packages?
CC: (none) => sander.lepik
I guess the same way we do for Mageia 2, we don't install them :) Not sure I understand your objection to this Sander? Flash player is widely deployed software which we normally prioritise in our testing and this has now been tested on Mageia 2 and Mageia 3 on x86_64 and i586.
Yeah, but if Thomas is going to wipe updates_testing during release then what are you going to push into updates? AFAIK those packages have to be rebuilt after release. And that means they have to be tested again. Correct me if I'm missing something.
Well, hopefully Thomas can push them from testing into release on cauldron and testing to updates on mga2. The alternative would be to hold the update on mageia 2 until after release of mga3, which for something like flash seems unwise if we can possibly help it. We'll defer to his judgement of course.
Testing complete for flash-player-plugin-11.2.202.285-1.mga2.nonfree and flash-player-plugin-kde-11.2.202.285-1.mga2.nonfree on Mageia release 2 (Official) for x86_64; it's OK for me, nothing to report, and it works fine. Some videos on YouTube, Dailymotion, pluzz.fr, M6, etc. Tested on speedtest.net using flash-player too.
CC: (none) => geiger.david68210
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0146 and Cauldron packages moved to release
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED