Bug 552946 (CVE-2015-3113)

Summary:	<www-plugins/adobe-flash-11.2.202.468 - heap buffer overflow (CVE-2015-3113)
Product:	Gentoo Security	Reporter:	rypervenche <contact>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	desktop-misc, hyedad, jer
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
Whiteboard:	B2 [glsa cve]
Package list:		Runtime testing required:	---

Description rypervenche 2015-06-23 17:54:18 UTC

It looks as though there is a security vulnerability in this version.

CVE-2015-3113:
https://helpx.adobe.com/security/products/flash-player/apsb15-14.html

I believe simply changing the version number will work for this :)

Comment 1 Jeroen Roovers (RETIRED) gentoo-dev

2015-06-24 04:24:05 UTC

Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.468
Targeted stable KEYWORDS : amd64 x86

Comment 2 Agostino Sarubbo gentoo-dev

2015-06-26 08:06:20 UTC

x86 stable

Comment 3 Agostino Sarubbo gentoo-dev

2015-06-26 08:06:46 UTC

amd64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Comment 4 GLSAMaker/CVETool Bot gentoo-dev

2015-06-30 00:11:14 UTC

CVE-2015-3113 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3113):
  Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x
  through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468
  on Linux allows remote attackers to execute arbitrary code via unspecified
  vectors, as exploited in the wild in June 2015.

Comment 5 Sergey Popov gentoo-dev

2015-07-01 09:46:12 UTC

Cleanup was done by maintainer

GLSA request filed

Comment 6 GLSAMaker/CVETool Bot gentoo-dev

2015-07-10 12:56:48 UTC

This issue was resolved and addressed in
 GLSA 201507-13 at https://security.gentoo.org/glsa/201507-13
by GLSA coordinator Kristian Fiskerstrand (K_F).