From the upstream advisory at $URL: Adobe released security updates for Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x. These updates address an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only. Adobe recommends users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.235. Flash Player installed with Google Chrome was updated automatically, so no user action is required.
Just bumped flash to 11.2.202.235. As usual, stabilize any time.
Thanks, Jim. Arches, please test and mark stable: =www-plugins/adobe-flash-11.2.202.235 Target keywords : "amd64 x86"
amd64: pass
amd64 done. Thanks Elijah
I can't see problems for x86; tried running under firefox and chromium: all well. Please mark stable.
x86 stable, thanks Mikle.
CVE-2012-0779 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0779): Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012.
Thanks, folks. Already in GLSA request.
This issue was resolved and addressed in GLSA 201206-21 at http://security.gentoo.org/glsa/glsa-201206-21.xml by GLSA coordinator Sean Amoss (ackle).