Bug 565318 (CVE-2015-7651) - <www-plugins/adobe-flash-11.2.202.548: multiple vulnerabilities (CVE-2015-{7651,7652,7653,7654,7655,7656,7657,7658,7659,7660,7661,7662,7663,8042,8043,8044,8046})
Status: RESOLVED FIXED
Alias: CVE-2015-7651
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://helpx.adobe.com/security/prod...
Whiteboard: A2 [glsa cve]
Reported: 2015-11-10 05:36 UTC by Jeroen Roovers (RETIRED)
Modified: 2015-11-17 11:47 UTC

Description Jeroen Roovers (RETIRED) gentoo-dev 2015-11-10 05:36:53 UTC
It's Tuesday. No details yet. Ebuild is in the tree.
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-11-10 20:43:44 UTC
The upstream bulletin classifies it as priority 3 for the Linux client, so setting A3 for now.

The full list of vulnerabilities fixed (but not yet checked which of them affect the Linux client 11.x):

Vulnerability Details

    These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-7659).
    These updates resolve a security bypass vulnerability that could be exploited to write arbitrary data to the file system under user permissions (CVE-2015-7662).
    These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046).

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers: 

    Anonymous working with HP's Zero Day Initiative (CVE-2015-7661)
    Bilou working with HP's Zero Day Initiative (CVE-2015-7651, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-8042)
    Bilou working with HP's Zero Day Initiative, and Natalie Silvanovich of Google Project Zero (CVE-2015-7652)
    Jordan Rabet (CVE-2015-7662)
    Kenneth Fitch and Aaron Lamb of Endgame (CVE-2015-7663)
    Natalie Silvanovich of Google Project Zero (CVE-2015-8043, CVE-2015-8044, CVE-2015-8046)
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2015-11-10 20:51:18 UTC
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.548
Targeted stable KEYWORDS : amd64 x86
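The version atom in the bug title, `<www-plugins/adobe-flash-11.2.202.548`, means every installed version strictly below 11.2.202.548 is in the affected range. The following POSIX shell helper is an added example, not part of this bug report or of Gentoo's own tooling: it applies that comparison to a dotted version string, component by component. It assumes plain numeric dotted versions (which is what adobe-flash uses) and does not handle Gentoo version suffixes such as `_rc` or `-rN`; the version strings it checks at the bottom are constructed sample inputs.

```shell
#!/bin/sh
# Added example: decide whether an adobe-flash version falls inside the
# affected range "<www-plugins/adobe-flash-11.2.202.548" from the bug title.
# Assumption: plain dotted numeric versions only; Gentoo suffixes such as
# _rc or -rN are not handled here.

FIXED_VERSION="11.2.202.548"

# vercmp A B: prints -1, 0 or 1 for A<B, A=B, A>B.
# Components are compared numerically left to right; a missing trailing
# component counts as 0, so 11.2 equals 11.2.0.0.
vercmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax="${a%%.*}"; bx="${b%%.*}"
        # consume the first component of each (empty once exhausted)
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
        ax="${ax:-0}"; bx="${bx:-0}"
        if [ "$ax" -lt "$bx" ]; then printf '%s\n' -1; return; fi
        if [ "$ax" -gt "$bx" ]; then printf '%s\n' 1; return; fi
    done
    printf '%s\n' 0
}

# flash_is_affected VERSION: exit status 0 if VERSION < FIXED_VERSION,
# 1 otherwise (the fixed version itself is not affected).
flash_is_affected() {
    [ "$(vercmp "$1" "$FIXED_VERSION")" -eq -1 ]
}

# Constructed sample inputs for a stand-alone run: one older version, the
# fixed version, and one newer version.
for v in 11.2.202.540 11.2.202.548 11.2.202.554; do
    if flash_is_affected "$v"; then
        echo "adobe-flash-$v: affected, update to $FIXED_VERSION"
    else
        echo "adobe-flash-$v: not affected"
    fi
done
```

On a live Gentoo system the installed version would come from the package manager (for instance `equery list www-plugins/adobe-flash`) rather than the constructed list above, and `glsa-check` against the GLSA that eventually covers this bug remains the authoritative check.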
Comment 3 Agostino Sarubbo gentoo-dev 2015-11-11 08:18:52 UTC
(In reply to Kristian Fiskerstrand from comment #1)
> The upstream bulletin classifies it as priority 3 for the Linux client, so setting
> A3 for now.

Apart from the priority, which is Adobe-internal, since it says code execution I'd set it to A2.
Comment 4 Agostino Sarubbo gentoo-dev 2015-11-11 08:55:15 UTC
amd64 stable
Comment 5 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-11-11 09:09:37 UTC
(In reply to Agostino Sarubbo from comment #3)
> (In reply to Kristian Fiskerstrand from comment #1)
> > The upstream bulletin classifies it as priority 3 for the Linux client, so setting
> > A3 for now.
> 
> Apart from the priority, which is Adobe-internal, since it says code execution
> I'd set it to A2.

I haven't verified that the Linux version is also affected by that CVE, but it's Adobe so ... better be cautious (although it doesn't affect handling anyway).
Comment 6 Agostino Sarubbo gentoo-dev 2015-11-11 09:41:19 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 7 Sergey Popov gentoo-dev 2015-11-17 11:39:37 UTC
Cleanup was done by the maintainer; added to the GLSA request.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2015-11-17 11:47:36 UTC
This issue was resolved and addressed in
 GLSA 201511-02 at https://security.gentoo.org/glsa/201511-02
by GLSA coordinator Sergey Popov (pinkbyte).