From ${URL} : Description A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA56267 The vulnerability is reported in Adobe Flash Player for Linux version 11.2.202.332. Solution: Update to version 11.2.202.335. Provided and/or discovered by: The vendor credits Masato Kinugawa. Original Advisory: http://helpx.adobe.com/security/products/flash-player/apsb14-02.html @maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
http://helpx.adobe.com/security/products/flash-player/apsb14-02.html Arch teams, please test and mark stable: =www-plugins/adobe-flash-11.2.202.335 Targeted stable KEYWORDS : amd64 x86
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
CVE-2014-0492 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0492): Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to defeat the ASLR protection mechanism by leveraging an "address leak." CVE-2014-0491 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0491): Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to bypass unspecified protection mechanisms via unknown vectors.
Added to existing GLSA draft
Cleanup was done by Jeroen Roovers
This issue was resolved and addressed in GLSA 201402-06 at http://security.gentoo.org/glsa/glsa-201402-06.xml by GLSA coordinator Mikle Kolyada (Zlogene).