[Secure-testing-team] Bug#761022: [pepperflashplugin-nonfree] Doesn't check real upstream for updates

Alex Goebel alex.goebel at gmail.com
Wed Sep 10 00:41:46 UTC 2014


Package: pepperflashplugin-nonfree
Version: 1.5
Severity: grave
Tags: security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org


The check for updates
  update-pepperflashplugin-nonfree --status
checks an apparently hand-made file on people.d.o and not the real upstream.

As a consequence, as of right now, the former claims
"Flash Player version available on upstream site: 14.0.0.177"
while the actual upstream at http://www.adobe.com/software/flash/about/
suggests 15.0.0.152 for Linux+Chrome+Pepper.

Flash is probably one of the things where delaying updates because 
manual interaction is needed can be very bad.
Even if that manual interaction is required (e.g. for validating 
checksums), the update script should clearly warn that there is a newer 
version and perhaps even suggest de-installing the current one.

Thanks.
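
The warning requested above could be implemented along these lines; this is an added example, not part of the original report and not code from update-pepperflashplugin-nonfree. The function names are hypothetical, the installed version in the demo call is constructed, and the three version strings are assumed to have been fetched already and are passed in as arguments.

```shell
#!/bin/sh
# Added example: compare installed / packager-metadata / vendor versions.
# All function names here are hypothetical; fetching is out of scope.

# is_dotted_version STR: succeed only for digits separated by single dots.
is_dotted_version() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
        *) return 0 ;;
    esac
}

# version_lt A B: succeed if A is strictly older than B. Fields are compared
# numerically, so 9.0.0.1 < 15.0.0.152 (a plain string sort gets this wrong).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 1
        # Drop the field just compared; missing fields count as 0.
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# check_status INSTALLED METADATA VENDOR: print one status word.
#   unknown        a version string could not be parsed; never report "current"
#   stale-metadata the intermediate file lags behind the vendor
#   outdated       the installed plugin lags behind the vendor
#   current        nothing newer is known
check_status() {
    for v in "$1" "$2" "$3"; do
        is_dotted_version "$v" || { echo unknown; return 2; }
    done
    if version_lt "$2" "$3"; then echo stale-metadata; return 1; fi
    if version_lt "$1" "$3"; then echo outdated; return 1; fi
    echo current
}

# Demo with the two versions quoted in the report (installed value constructed).
check_status 14.0.0.177 14.0.0.177 15.0.0.152 || true
```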


