Summary: | <www-plugins/adobe-flash-10.0.45.2: Multiple Vulnerabilities (CVE-2010-{0186,0187}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | alx333, desktop-misc, gentoo, kfm, lack |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.adobe.com/support/security/bulletins/apsb10-06.html | ||
Whiteboard: | A3 [glsa wait] | ||
Package list: | Runtime testing required: | --- |
Description
Alex Legler (RETIRED)
2010-03-04 11:34:33 UTC
CVE-2010-0187 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0187): Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file. Yes, please go ahead and request stability for 10.0.45.2 at your leisure. Arches, please test and mark stable: =www-plugins/adobe-flash-10.0.45.2 Target keywords : "amd64 x86" x86 stable amd64 stable lack: Please remove old versions. GLSA vote: NO and with that overriding A3. The information on the 0186 issue is very vague, 0187 is a client crash. Old version 10.0.42.34 is removed. Adobe Flash Player 10.0.45.2, 9.0.262, and earlier also vulnerable (http://www.adobe.com/support/security/advisories/apsa10-01.html) (In reply to comment #8) > Adobe Flash Player 10.0.45.2, 9.0.262, and earlier also vulnerable > (http://www.adobe.com/support/security/advisories/apsa10-01.html) > Thanks, filed bug 322855 and bug 322857 for tracking. This is GLSA 201101-09; thank you. |