CVE-2010-0186 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0186): Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, Adobe AIR before 1.5.3.9130, and Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecified vectors.
CVE-2010-0187 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0187): Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
Yes, please go ahead and request stability for 10.0.45.2 at your leisure.
Arches, please test and mark stable: =www-plugins/adobe-flash-10.0.45.2 Target keywords : "amd64 x86"
x86 stable
amd64 stable
lack: Please remove old versions. GLSA vote: NO and with that overriding A3. The information on the 0186 issue is very vague, 0187 is a client crash.
Old version 10.0.42.34 is removed.
Adobe Flash Player 10.0.45.2, 9.0.262, and earlier also vulnerable (http://www.adobe.com/support/security/advisories/apsa10-01.html)
(In reply to comment #8) > Adobe Flash Player 10.0.45.2, 9.0.262, and earlier also vulnerable > (http://www.adobe.com/support/security/advisories/apsa10-01.html) > Thanks, filed bug 322855 and bug 322857 for tracking.
This is GLSA 201101-09; thank you.