Also adobe-flash 11.x isn't affected by CVE-2015-0313 [1], adobe ships a new release which includes fixes for several issues (18 CVEs in total). Please bump. [1] http://helpx.adobe.com/security/products/flash-player/apsa15-02.html Reproducible: Always
+ 06 Feb 2015; Patrick Lauer <patrick@gentoo.org> + +adobe-flash-11.2.202.442.ebuild: + Bump #538982
Arch teams, please test and mark stable: =www-plugins/adobe-flash-11.2.202.442 Targeted stable KEYWORDS : amd64 x86
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Added to existing GLSA draft
CVE-2015-0330 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0330): Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, and CVE-2015-0329. CVE-2015-0329 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0329): Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, and CVE-2015-0330. CVE-2015-0321 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0321): Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0329, and CVE-2015-0330. CVE-2015-0318 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0318): Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330. CVE-2015-0316 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0316): Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330. CVE-2015-0314 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0314): Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330.
CVE-2015-0322 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0322): Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, and CVE-2015-0320. CVE-2015-0320 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0320): Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, and CVE-2015-0322. CVE-2015-0315 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0315): Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0320, and CVE-2015-0322.
CVE-2015-0319 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0319): Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0317. CVE-2015-0317 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0317): Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0319.
CVE-2015-0327 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0327): Heap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0323. CVE-2015-0323 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0323): Heap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0327.
CVE-2015-0324 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0324): Buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors.
CVE-2015-0328 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0328): Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0325 and CVE-2015-0326. CVE-2015-0326 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0326): Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0325 and CVE-2015-0328. CVE-2015-0325 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0325): Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0326 and CVE-2015-0328.
This issue was resolved and addressed in GLSA 201502-02 at http://security.gentoo.org/glsa/glsa-201502-02.xml by GLSA coordinator Mikle Kolyada (Zlogene).
CVE-2015-0313 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0313): Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322. CVE-2015-0312 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0312): Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors.
CVE-2015-0331 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0331): Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.