Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 504286 (CVE-2014-0503) - <www-plugins/adobe-flash-11.2.202.346 - multiple vulnerabilities (CVE-2014-{0503,0504})
Summary: <www-plugins/adobe-flash-11.2.202.346 - multiple vulnerabilities (CVE-2014-{0...
Status: RESOLVED FIXED
Alias: CVE-2014-0503
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://helpx.adobe.com/security/produ...
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-03-12 02:21 UTC by Jeroen Roovers (RETIRED)
Modified: 2014-05-03 19:14 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers (RETIRED) gentoo-dev 2014-03-12 02:21:07 UTC
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.346
Targeted stable KEYWORDS : amd64 x86
Comment 1 Agostino Sarubbo gentoo-dev 2014-03-15 13:16:22 UTC
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2014-03-15 13:16:44 UTC
x86 stable.

Maintainer(s), please cleanup.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2014-03-15 13:26:40 UTC
CVE-2014-0504 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0504):
  Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before
  12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows
  attackers to read the clipboard via unspecified vectors.

CVE-2014-0503 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0503):
  Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before
  12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows
  remote attackers to bypass the Same Origin Policy via unspecified vectors.
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2014-03-16 08:23:01 UTC
Cleanup done by jer. Added to existing glsa draft.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2014-05-03 19:14:05 UTC
This issue was resolved and addressed in
 GLSA 201405-04 at http://security.gentoo.org/glsa/glsa-201405-04.xml
by GLSA coordinator Sergey Popov (pinkbyte).