Please version bump adobe-flash to 11.2.202.275: Adobe has released security updates for Adobe Flash Player 11.6.602.171 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.273 and earlier versions for Linux, Adobe Flash Player 11.1.115.47 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.43 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2013-0646). These updates resolve a use-after-free vulnerability that could be exploited to execute arbitrary code (CVE-2013-0650). These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2013-1371). These updates resolve a heap buffer overflow vulnerability that could lead to code execution (CVE-2013-1375). Source: http://www.adobe.com/support/security/bulletins/apsb13-09.html
Arch teams, please test and mark stable: =www-plugins/adobe-flash-11.2.202.275 Stable KEYWORDS : amd64 x86
amd64 stable
x86 stable
Adding to existing GLSA draft.
CVE-2013-1375 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1375): Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors. CVE-2013-1371 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1371): Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. CVE-2013-0650 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0650): Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors. CVE-2013-0646 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0646): Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.
This issue was resolved and addressed in GLSA 201309-06 at http://security.gentoo.org/glsa/glsa-201309-06.xml by GLSA coordinator Sean Amoss (ackle).
