From $URL: These priority 2 updates address critical vulnerabilities in Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.115.6 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users of Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.63. Users of Adobe Flash Player 11.1.115.6 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.7. Users of Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.7.
11.1.102.63 added to CVS.
Great, thank you. Arches, please test and mark stable: =www-plugins/adobe-flash-11.1.102.63 Target keywords : "amd64 x86"
amd64 ok
x86: ok
amd64 stable
x86 stable
(In reply to comment #6) > x86 stable wrong, this is only said *after* you have committed the change in Portage which isn't the case here
x86 done
Thanks for doing this so quickly, everyone. Added to pending GLSA request.
CVE-2012-0769 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0769): Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified vectors. CVE-2012-0768 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0768): The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
This issue was resolved and addressed in GLSA 201204-07 at http://security.gentoo.org/glsa/glsa-201204-07.xml by GLSA coordinator Sean Amoss (ackle).