Debian Bug report logs - #459071
CVE-2007-6637: Multiple cross-site scripting (XSS) vulnerabilities
Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>
Date: Fri, 4 Jan 2008 11:36:01 UTC
Severity: important
Tags: security
Found in version flashplugin-nonfree/1:1.4
Done: Bart Martens <bartm@knars.be>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Bart Martens <bartm@debian.org>: Bug#459071; Package flashplugin-nonfree.
Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>: New Bug report received and forwarded. Copy sent to Bart Martens <bartm@debian.org>.
Message #5 received at submit@bugs.debian.org:
Package: flashplugin-nonfree
Severity: important
Tags: security
Hi
The following CVE[0] has been issued against Adobe Flash Player.
CVE-2007-6637:
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash
Player allow remote attackers to inject arbitrary web script or HTML via
a crafted SWF file, related to "pre-generated SWF files" and Adobe
Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector
is already covered by CVE-2007-6244.1.
Could you please check if the Debian version needs to be updated?
Thanks for your efforts.
Cheers
Steffen
[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637
Information forwarded to debian-bugs-dist@lists.debian.org, Bart Martens <bartm@debian.org>: Bug#459071; Package flashplugin-nonfree.
Acknowledgement sent to Nico Golde <nion@debian.org>: Extra info received and forwarded to list. Copy sent to Bart Martens <bartm@debian.org>.
Message #10 received at 459071@bugs.debian.org:
Hi Steffen,
* Steffen Joeris <steffen.joeris@skolelinux.de> [2008-01-04 13:44]:
> The following CVE[0] has been issued against Adobe Flash Player.
>
> CVE-2007-6637:
>
> Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash
> Player allow remote attackers to inject arbitrary web script or HTML via
> a crafted SWF file, related to "pre-generated SWF files" and Adobe
> Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector
> is already covered by CVE-2007-6244.1.
>
> Could you please check if the Debian version needs to be updated?
There is no update for this yet, as described in the advisory
by Adobe:
http://www.adobe.com/support/security/advisories/apsa07-06.html
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Information forwarded to debian-bugs-dist@lists.debian.org, Bart Martens <bartm@debian.org>: Bug#459071; Package flashplugin-nonfree.
Acknowledgement sent to Hideki Yamane <henrich@debian.or.jp>: Extra info received and forwarded to list. Copy sent to Bart Martens <bartm@debian.org>.
Message #15 received at 459071@bugs.debian.org:
Package: flashplugin-nonfree
Version: 1:1.4
Hi,
Adobe released an update for flashplugin, version 9.0.124.0, and a security advisory[0].
It fixes a lot of vulnerabilities[1], including the one reported at #459071.
Please update the package.
[0]: http://www.adobe.com/support/security/bulletins/apsb08-11.html
[1]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1654
--
Regards,
Hideki Yamane henrich @ debian.or.jp/iijmio-mail.jp
Reply sent to Bart Martens <bartm@knars.be>: You have taken responsibility.
Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>: Bug acknowledged by developer.
Message #20 received at 459071-done@bugs.debian.org:
Fixed in Adobe Flash Player 9,0,124,0.
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 01 Jun 2008 07:35:19 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:09:52 2019; Machine Name: beach