Subject: CVS commit: [pkgsrc-2011Q3] pkgsrc/multimedia/adobe-flash-plugin10.1
From: Steven Drake
Date: 2011-11-13 03:01:28
Message id: 20111113020129.09471175DD@cvs.netbsd.org
Log Message:
Pullup ticket #3600 - requested by abs
multimedia/adobe-flash-plugin10.1 security update

Revisions pulled up:
- multimedia/adobe-flash-plugin10.1/Makefile                    1.15
- multimedia/adobe-flash-plugin10.1/distinfo                    1.7

---
   Module Name:    pkgsrc
   Committed By:   abs
   Date:           Sat Nov 12 22:02:24 UTC 2011

   Modified Files:
          pkgsrc/multimedia/adobe-flash-plugin10.1: Makefile distinfo

   Log Message:
   Updated multimedia/adobe-flash-plugin10.1 to 10.3.183.11

   Changes from 10.3.183.7

   Critical vulnerabilities have been identified in Adobe Flash Player
   11.0.1.152 and earlier versions for Windows, Macintosh, Linux and
   Solaris, and Adobe Flash Player 11.0.1.153 and earlier versions
   for Android. These vulnerabilities could cause a crash and potentially
   allow an attacker to take control of the affected system.

   Adobe recommends users of Adobe Flash Player 11.0.1.152 and earlier
   versions for Windows, Macintosh, Linux and Solaris update to Adobe
   Flash Player 11.1.102.55. Users of Adobe Flash Player 11.0.1.153
   and earlier versions for Android should update to Adobe Flash Player
   11.1.102.59 for Android. Users of Adobe AIR 3.0 for Windows,
   Macintosh, and Android should update to Adobe AIR 3.1.0.4880.

   This update resolves a memory corruption vulnerability that could lead
   to code execution (CVE-2011-2445).

   This update resolves a heap corruption vulnerability that could lead
   to code execution (CVE-2011-2450).

   This update resolves a memory corruption vulnerability that could lead
   to code execution (CVE-2011-2451).

   This update resolves a memory corruption vulnerability that could lead
   to code execution (CVE-2011-2452).

   This update resolves a memory corruption vulnerability that could lead
   to code execution (CVE-2011-2453).

   This update resolves a memory corruption vulnerability that could lead
   to code execution (CVE-2011-2454).

   This update resolves a memory corruption vulnerability that could lead
   to code execution (CVE-2011-2455).

   This update resolves a buffer overflow vulnerability that could lead
   to code execution (CVE-2011-2456).

   This update resolves a stack overflow vulnerability that could lead to
   code execution (CVE-2011-2457).

   This update resolves a vulnerability that could lead to a cross-domain
   policy bypass (Internet Explorer-only) (CVE-2011-2458).

   This update resolves a memory corruption vulnerability that could lead
   to code execution (CVE-2011-2459).

   This update resolves a memory corruption vulnerability that could lead
   to code execution (CVE-2011-2460).

   ... now after reading the above, just how happy are people running this code
   from their browsers?
Files:
RevisionActionfile
1.10.2.1modifypkgsrc/multimedia/adobe-flash-plugin10.1/Makefile
1.6.2.1modifypkgsrc/multimedia/adobe-flash-plugin10.1/distinfo