[OT] Re: FW: US-CERT Technical Cyber Security Alert TA06-075A -- Adobe Macromedia Flash Products Multiple Vulnerabilities

Gene Heskett gene.heskett at verizon.net
Mon Mar 20 03:47:33 UTC 2006


On Sunday 19 March 2006 21:18, Todd Zullinger wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Gene Heskett wrote:
>> I have that same problem.  First, this advisory is a wee bit old,
>> and second the files in that rpm are as you say, obviously dated to
>> well before this vulnerability was published.  Like Dec 8, 2005.
>
>Well, we're far off topic here, but in the hopes of adding
>useful knowledge to the pool, here are a few comments.

I wouldn't say we were THAT far off topic. :)

>Looking at the CVE[1], it appears that this issue was assigned on
>2005/11/30.  So it's very possible that Macromedia had a chance to
>update their legacy 7x flash code by the 8th.
>
>Sure, the files from the Macromedia archive are dated Dec 8 and they
>didn't issue the advisory until Mar 14.  This could be due to any
>number of factors.  Maybe developing a fix for the newer 8x flash
>player (for windows and mac, not *nix) took longer.  Or it could be
>that some of Macromedia's partners needed/wanted more time to get
>patches integrated before the security hole was released.
>
>It's also quite possible that Macromedia just isn't as fast to push
>out patches as many of us in the free software world are used to.
>
The point is that when I went to install it, it had already, previously 
been installed by yum, several nights ago.  But just for grins, let me 
check the date of that rpm in the yum cache.  Yes that was on the 16th 
of March.  Not quite as old in fact as it was in my well aged wet ram.  
Having seen the advisory on another site, I did that by hand, and 
automatically assumed this was a brand new vulnerability.  My bad.  I
should have looked in my own cache, but took the easy way out of
making some obviously useless noise...  My apologies.

[...]

-- 
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules.  I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.



