"Users of Adobe Flash Player 11.2.202.327 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.332." Arch teams, please test and mark stable: =www-plugins/adobe-flash-11.2.202.332 Targeted stable KEYWORDS : amd64 x86
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
# ChangeLog for www-plugins/adobe-flash # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 # $Header: /var/cvsroot/gentoo-x86/www-plugins/adobe-flash/ChangeLog,v 1.226 2013/12/11 08:49:03 ago Exp $ 11 Dec 2013; Agostino Sarubbo <ago@gentoo.org> Manifest: Stable for x86, wrt bug #493894 Something went wrong. But I fixed it for you.
Thanks for your work. Cleanup was done earlier. Added to existing GLSA draft
CVE-2013-5332 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5332): Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. CVE-2013-5331 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5331): Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code via crafted .swf content that leverages an unspecified "type confusion," as exploited in the wild in December 2013.
This issue was resolved and addressed in GLSA 201402-06 at http://security.gentoo.org/glsa/glsa-201402-06.xml by GLSA coordinator Mikle Kolyada (Zlogene).