Re: [OT] Re: FW: US-CERT Technical Cyber Security Alert TA06-075A -- Adobe Macromedia Flash Products Multiple Vulnerabilities

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sunday 19 March 2006 21:18, Todd Zullinger wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Gene Heskett wrote:
>> I have that same problem.  First, this advisory is a wee bit old,
>> and second the files in that rpm are as you say, obviously dated to
>> well before this vulnerability was published.  Like Dec 8, 2005.
>
>Well, we're far off topic here, but in the hopes of adding
>useful knowledge to the pool, here are a few comments.

I wouldn't say we were THAT far off topic. :)

>Looking at the CVE[1], it appears that this issue was assigned on
>2005/11/30.  So it's very possible that Macromedia had a chance to
>update their legacy 7x flash code by the 8th.
>
>Sure, the files from the Macromedia archive are dated Dec 8 and they
>didn't issue the advisory until Mar 14.  This could be due to any
>number of factors.  Maybe developing a fix for the newer 8x flash
>player (for windows and mac, not *nix) took longer.  Or it could be
>that some of Macromedia's partners needed/wanted more time to get
>patches integrated before the security hole was released.
>
>It's also quite possible that Macromedia just isn't as fast to push
>out patches as many of us in the free software world are used to.
>
The point is that when I went to install it, it had already, previously 
been installed by yum, several nights ago.  But just for grins, let me 
check the date of that rpm in the yum cache.  Yes that was on the 16th 
of March.  Not quite as old in fact as it was in my well aged wet ram.  
Having seen the advisory on another site, I did that by hand, and 
automaticly assumed this was a brand new vulnerability.  My bad.  I 
should have looked in my own cache, but took the easy way out of 
makeing some obviously useless noise...  My apologies.

[...]

-- 
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules.  I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.

--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list

[Index of Archives]     [Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Yosemite Questions]

  Powered by Linux