"Adobe has released security updates for ... Adobe Flash Player 11.2.202.346 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system."
Arch teams, please test and mark stable: =www-plugins/adobe-flash-11.2.202.350 Targeted stable KEYWORDS : amd64 x86
Stable for AMD64 x86.
CVE-2014-0509 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0509): Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CVE-2014-0508 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0508): Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. CVE-2014-0507 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0507): Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows attackers to execute arbitrary code via unspecified vectors.
this player version, =www-plugins/adobe-flash-11.2.202.350, fails on youtube with undefined, out of date or unrecognized version at ABC.com, facebook, etc
(In reply to Drake Donahue from comment #4) > this player version, =www-plugins/adobe-flash-11.2.202.350, fails on youtube > with undefined, out of date or unrecognized version at ABC.com, facebook, etc chromium-35.0.1916.27 displays this behavior; firefox-bin-24.4.0 does not
(In reply to Drake Donahue from comment #5) > (In reply to Drake Donahue from comment #4) > > this player version, =www-plugins/adobe-flash-11.2.202.350, fails on youtube > > with undefined, out of date or unrecognized version at ABC.com, facebook, etc > > chromium-35.0.1916.27 displays this behavior; firefox-bin-24.4.0 does not This is security bug, please do _NOT_ discuss there about your behaviour problems. File separate bug.
This issue was resolved and addressed in GLSA 201405-04 at http://security.gentoo.org/glsa/glsa-201405-04.xml by GLSA coordinator Sergey Popov (pinkbyte).