CVE-2007-6637: Multiple cross-site scripting (XSS) vulnerabilities

Debian Bug report logs - #459071


Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>

Date: Fri, 4 Jan 2008 11:36:01 UTC

Severity: important

Tags: security

Found in version flashplugin-nonfree/1:1.4

Done: Bart Martens <bartm@knars.be>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Bart Martens <bartm@debian.org>:
Bug#459071; Package flashplugin-nonfree.


Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
New Bug report received and forwarded. Copy sent to Bart Martens <bartm@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2007-6637: Multiple cross-site scripting (XSS) vulnerabilities
Date: Fri, 04 Jan 2008 12:34:46 +0100
Package: flashplugin-nonfree
Severity: important
Tags: security

Hi

The following CVE[0] has been issued against Adobe Flash Player.

CVE-2007-6637:

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash
Player allow remote attackers to inject arbitrary web script or HTML via
a crafted SWF file, related to "pre-generated SWF files" and Adobe
Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector
is already covered by CVE-2007-6244.1. 


Could you please check if the Debian version needs to be updated?
Thanks for your efforts.

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637




Information forwarded to debian-bugs-dist@lists.debian.org, Bart Martens <bartm@debian.org>:
Bug#459071; Package flashplugin-nonfree.


Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Bart Martens <bartm@debian.org>.


Message #10 received at 459071@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: Steffen Joeris <steffen.joeris@skolelinux.de>, 459071@bugs.debian.org
Subject: Re: Bug#459071: CVE-2007-6637: Multiple cross-site scripting (XSS) vulnerabilities
Date: Fri, 4 Jan 2008 15:44:25 +0100
Hi Steffen,
* Steffen Joeris <steffen.joeris@skolelinux.de> [2008-01-04 13:44]:
> The following CVE[0] has been issued against Adobe Flash Player.
> 
> CVE-2007-6637:
> 
> Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash
> Player allow remote attackers to inject arbitrary web script or HTML via
> a crafted SWF file, related to "pre-generated SWF files" and Adobe
> Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector
> is already covered by CVE-2007-6244.1. 
> 
> Could you please check if the Debian version needs to be updated?

There is no update for this yet, as described in the advisory
by Adobe:
http://www.adobe.com/support/security/advisories/apsa07-06.html

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Information forwarded to debian-bugs-dist@lists.debian.org, Bart Martens <bartm@debian.org>:
Bug#459071; Package flashplugin-nonfree.


Acknowledgement sent to Hideki Yamane <henrich@debian.or.jp>:
Extra info received and forwarded to list. Copy sent to Bart Martens <bartm@debian.org>.


Message #15 received at 459071@bugs.debian.org:

From: Hideki Yamane <henrich@debian.or.jp>
To: 459071@bugs.debian.org
Subject: [flashplugin-nonfree] adobe released newest version 9.0.124.0 and it fixes a lot of vulnerabilities
Date: Thu, 10 Apr 2008 07:11:47 +0900
Package: flashplugin-nonfree
Version: 1:1.4

Hi,

 Adobe released an update for flashplugin, version 9.0.124.0, and a security advisory[0].
 It fixes a lot of vulnerabilities[1], including the one reported at #459071.

 Please update the package.

[0]: http://www.adobe.com/support/security/bulletins/apsb08-11.html
[1]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0071
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1655
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1654
  



-- 
Regards,

 Hideki Yamane     henrich @ debian.or.jp/iijmio-mail.jp




Reply sent to Bart Martens <bartm@knars.be>:
You have taken responsibility.


Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer.


Message #20 received at 459071-done@bugs.debian.org:

From: Bart Martens <bartm@knars.be>
To: 459071-done@bugs.debian.org
Subject: CVE-2007-6637: Multiple cross-site scripting (XSS) vulnerabilities
Date: Sun, 04 May 2008 07:03:46 +0200
Fixed in Adobe Flash Player 9,0,124,0.






Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 01 Jun 2008 07:35:19 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:09:52 2019; Machine Name: beach
