Adobe Security Bulletin not yet available however release notes (https://helpx.adobe.com/flash-player/release-note/fp_23_air_23_release_notes.html) were updated: > November 8, 2016 > > In today's scheduled release, we've updated Flash Player with > important bug fixes and security updates. Upstream has already released v11.2.202.644 and v23.0.0.207.
Arch teams, please test and mark stable: =www-plugins/adobe-flash-11.2.202.644 =www-plugins/adobe-flash-23.0.0.207 Targeted stable KEYWORDS : amd64 x86
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
CVE-2016-7865 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7865): Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. CVE-2016-7864 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7864): Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. CVE-2016-7863 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7863): Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. CVE-2016-7862 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7862): Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. CVE-2016-7861 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7861): Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. CVE-2016-7860 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7860): Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. CVE-2016-7859 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7859): Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. CVE-2016-7858 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7858): Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. CVE-2016-7857 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7857): Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
This issue was resolved and addressed in GLSA 201611-18 at https://security.gentoo.org/glsa/201611-18 by GLSA coordinator Aaron Bauman (b-man).
