# Flash - to vuln or not to vuln



## Deleted member 9563 (Jan 13, 2017)

What's happening with the linux-c6-flashplugin11 port? I can't seem to install it without getting this:

```
1 problem(s) in the installed packages found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update available.
=> If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes'
```

Are people doing without flash now, or are they building the port as suggested above?


----------



## cpm@ (Jan 13, 2017)

www/linux-c6-flashplugin11 was removed upstream

`less -p linux-c6-flashplugin11 /usr/ports/MOVED`

If you need/want to use flashplugin then install www/linux-flashplayer


----------



## Deleted member 9563 (Jan 13, 2017)

Thanks cpm@ I never thought to check the /usr/ports/MOVED file. That certainly clarifies that. The handbook hasn't caught up with that move.

However, now I've got another problem. It seems like www/linux-flashplayer installs with linux-c6-curl-7.19.7_9 which is rejected because it has known vulnerabilities. The repository package is linux-c6-curl: 7.19.7_8 which stops the flashplayer from compiling if it's already there. This, by the way, is on a freshly installed system with all updates done today.

It seems like I'm stuck. Perhaps this is bad time for such a wild adventure as Flash.


----------



## cpm@ (Jan 13, 2017)

Yes, ftp/linux-c6-curl has known vulnerabilities


```
% pkg audit linux-c6-curl-7.19.7_9
linux-c6-curl-7.19.7_9 is vulnerable:
curl -- Credentials not checked
CVE: CVE-2016-0755
WWW: https://vuxml.FreeBSD.org/freebsd/8b27f1bc-c509-11e5-a95f-b499baebfeaf.html

1 problem(s) in the installed packages found.
```

but you can ignore it with `make DISABLE_VULNERABILITIES=yes`


----------



## drhowarddrfine (Jan 13, 2017)

OJ You're not alone. I've given up on it but there are so few things I need to look at that require Flash that I don't care too much. In this day and age, I'm shocked that some major news sites still do.


----------



## cpm@ (Jan 13, 2017)

drhowarddrfine said:


> OJ You're not alone. I've given up on it but there are so few things I need to look at that require Flash that I don't care too much. In this day and age, I'm shocked that some major news sites still do.



Adobe said that it "encourage content creators to build with new web standards" such as HTML5, rather than Flash. 

It was announced in its day, but some web designers do not care.


----------



## drhowarddrfine (Jan 13, 2017)

cpm@ They'll start caring once they figure out Flash won't work at all anymore in browsers in a year or two.


----------

