SUMO community discussions

Plugincheck incorrectly reports Flash plugin as vulnerable in Linux

  • 8 Replies
  • Last reply by John99
  1. Underpass
    Underpass 773 posts
    more options

    As in the subject, the bug has already been filled

    https://bugzilla.mozilla.org/show_bug.cgi?id=801329

    Would it be possible to speed up the resolution?

    Thanks.

    As in the subject, the bug has already been filled https://bugzilla.mozilla.org/show_bug.cgi?id=801329 Would it be possible to speed up the resolution? Thanks.
  2. Ibai
    Ibai 301 posts
    more options

    Tomcat seems to be working on it.

    Thanks for reporting!

    Ibai

    Tomcat seems to be working on it. Thanks for reporting! Ibai
  3. Andrew
    Andrew 1232 posts
    more options

    Posted follow up comment.

    Posted follow up comment.
  4. AliceWyman
    AliceWyman 6154 posts
    more options

    underpass said

    As in the subject, the bug has already been filled https://bugzilla.mozilla.org/show_bug.cgi?id=801329 Would it be possible to speed up the resolution? Thanks.

    That's an old bug, filed Oct 13 2012: The bug description says, plugincheck is incorrectly identifying the latest Adobe Linux flashplayer (11.2.202.243) as being vulnerable.

    According to the most recent Adobe Flash security bulletin, http://www.adobe.com/support/security/bulletins/apsb13-17.html dated July 9th, 2013, the latest Flash plugin for Linux is Adobe Flash Player 11.2.202.297 and that's the version available at http://www.adobe.com/products/flashplayer/distribution3.html

    Are you saying that PluginCheck is identifying 11.2.202.297 as insecure on Linux? If so, I would mention that in the bug report.

    ''underpass [[#post-53695|said]]'' <blockquote> As in the subject, the bug has already been filled https://bugzilla.mozilla.org/show_bug.cgi?id=801329 Would it be possible to speed up the resolution? Thanks. </blockquote> That's an old bug, filed Oct 13 2012: <sub>The [https://bugzilla.mozilla.org/show_bug.cgi?id=801329#c0 bug description] says, </sub>''plugincheck is incorrectly identifying the latest Adobe Linux flashplayer (11.2.202.243) as being vulnerable''. According to the most recent Adobe Flash security bulletin, http://www.adobe.com/support/security/bulletins/apsb13-17.html dated July 9th, 2013, the latest Flash plugin for Linux is Adobe Flash Player 11.2.202.297 and that's the version available at http://www.adobe.com/products/flashplayer/distribution3.html Are you saying that PluginCheck is identifying 11.2.202.297 as insecure on Linux? If so, I would mention that in the bug report.

    Modified by AliceWyman on

  5. John99
    John99 3665 posts
    more options

    Plugin check is listing Flash under Outdated Plugins saying it is vulnerable and should be updated although I am on 11.2.202.297

    I added a comment to the bug

    Although I note the bug status is at present New and unassigned.

    Plugin check is listing Flash under ''Outdated Plugins'' saying it is vulnerable and should be updated although I am on 11.2.202.297 I added a comment to the bug *[https://bugzilla.mozilla.org/show_bug.cgi?id=801329#c4 Bug 801329 - plugincheck is incorrectly identifying the latest Linux flash plugin as vulnerable #c4] Although I note the bug status is at present New and unassigned.
  6. Underpass
    Underpass 773 posts
    more options

    The bug report is not referred to a specific version. And yes, the problem still remains - I avoided to open another bug since this one already existed.

    The bug report is not referred to a specific version. And yes, the problem still remains - I avoided to open another bug since this one already existed.
  7. AliceWyman
    AliceWyman 6154 posts
    more options

    John99, Thanks for adding a comment to the bug with updated information and linking back to this thread.

    underpass, You're right, the summary for Bug 801329 - plugincheck is incorrectly identifying the latest Linux flash plugin as vulnerable doesn't mention a specific Flash version which is likely part of the problem.

    For example, the following comment was just added to another similarly-named but much older bug,
    Bug 615817 - plugincheck shows most recent version of Adobe Flash Player for linux as outdated
    .... which was filed 2010-12-01and now marked "Fixed": 

    dotnetCarpenter 2013-08-16 11:40:02 PDT

    Please reopen.

    Current latest and last one for linux, is Shockwave Flash 11.2 r202 also known as Shockwave Flash 11.2.202.297

    Apparently Adobe has a history of saying last version for linux as @Frédéric has reported earlier. But are committed to release security updates.

    IMHO https://www.mozilla.org/plugincheck/ should have a transparent registry for plugins versions.
   Firefox 23.0
   Ubuntu 12.10
   File: libflashplayer.so
   Path: /usr/lib/adobe-flashplugin/libflashplayer.so
   Version: 11.2.202.297
   Status: Enabled
   Shockwave Flash 11.2 r202

    Bug 615817 comment 6 by kitchin (dated 2011-02-15) states that this bug was fixed by bug 630468 and the bug summary is Bug 630468 - Update Adobe Flash to version 10.2.152 on plugincheck.

    If you do a bugzilla search on PluginCheck Flash bugs, many of them do include a version number.

    '''John99''', Thanks for adding a comment to the bug with updated information and linking back to this thread. '''underpass''', You're right, <sub>the summary for </sub>[https://bugzilla.mozilla.org/show_bug.cgi?id=801329 Bug 801329 - plugincheck is incorrectly identifying the latest Linux flash plugin as vulnerable] doesn't mention a specific Flash version which is likely part of the problem. For example, the following comment was just added to another similarly-named but much older bug,<br> [https://bugzilla.mozilla.org/show_bug.cgi?id=615817 Bug 615817 - plugincheck shows most recent version of Adobe Flash Player for linux as outdated]<br>.... which was filed 2010-12-01and now marked "Fixed": ----- dotnetCarpenter 2013-08-16 11:40:02 PDT Please reopen. Current latest and last one for linux, is Shockwave Flash 11.2 r202 also known as Shockwave Flash 11.2.202.297 Apparently Adobe has a history of saying last version for linux as @Frédéric has reported earlier. But are committed to release security updates. IMHO https://www.mozilla.org/plugincheck/ should have a transparent registry for plugins versions. Firefox 23.0 Ubuntu 12.10 File: libflashplayer.so Path: /usr/lib/adobe-flashplugin/libflashplayer.so Version: 11.2.202.297 Status: Enabled Shockwave Flash 11.2 r202 ----- [https://bugzilla.mozilla.org/show_bug.cgi?id=615817#c6 Bug 615817 comment 6] by kitchin (dated 2011-02-15) states that this bug was ''fixed by [https://bugzilla.mozilla.org/show_bug.cgi?id=630468 bug 630468]'' and the bug summary is ''Bug 630468 - Update Adobe Flash to version 10.2.152 on plugincheck''. If you do a [https://bugzilla.mozilla.org/buglist.cgi?list_id=7673485&short_desc=PluginCheck%20&resolution=---&resolution=FIXED&resolution=INVALID&resolution=WONTFIX&resolution=DUPLICATE&query_format=advanced&longdesc=Flash&short_desc_type=substring&longdesc_type=allwordssubstr bugzilla search on PluginCheck Flash] bugs, many of them do include a version number.

    Modified by AliceWyman on

  8. Underpass
    Underpass 773 posts
    more options

    Bump! The problem is still unsolved...

    Thanks

    Bump! The problem is still unsolved... Thanks
  9. John99
    John99 3665 posts
    more options

    It is Linux. The bug 801329 is not even re-assigned as yet. I doubt we should expect any speedy resolution. You could try voting for the bug, but I am not sure anyone really counts the votes.

    It is Linux. The bug 801329 is not even re-assigned as yet. I doubt we should expect any speedy resolution. You could try voting for the bug, but I am not sure anyone really counts the votes.