Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 504286 (CVE-2014-0503)

Summary: <www-plugins/adobe-flash-11.2.202.346 - multiple vulnerabilities (CVE-2014-{0503,0504})
Product: Gentoo Security Reporter: Jeroen Roovers (RETIRED) <jer>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://helpx.adobe.com/security/products/flash-player/apsb14-08.html
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description Jeroen Roovers (RETIRED) gentoo-dev 2014-03-12 02:21:07 UTC 
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.346
Targeted stable KEYWORDS : amd64 x86
Comment 1 Agostino Sarubbo gentoo-dev 2014-03-15 13:16:22 UTC 
amd64 stable
Comment 2 Agostino Sarubbo gentoo-dev 2014-03-15 13:16:44 UTC 
x86 stable.

Maintainer(s), please cleanup.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2014-03-15 13:26:40 UTC 
CVE-2014-0504 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0504):
  Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before
  12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows
  attackers to read the clipboard via unspecified vectors.

CVE-2014-0503 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0503):
  Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before
  12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows
  remote attackers to bypass the Same Origin Policy via unspecified vectors.
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2014-03-16 08:23:01 UTC 
Cleanup done by jer. Added to existing glsa draft.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2014-05-03 19:14:05 UTC 
This issue was resolved and addressed in
 GLSA 201405-04 at http://security.gentoo.org/glsa/glsa-201405-04.xml
by GLSA coordinator Sergey Popov (pinkbyte).