
Bug 552946 (CVE-2015-3113)

Summary: <www-plugins/adobe-flash-11.2.202.468 - heap buffer overflow (CVE-2015-3113)
Product: Gentoo Security
Reporter: rypervenche <contact>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: desktop-misc, hakimian, jer
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
Whiteboard: B2 [glsa cve]
Package list:
Runtime testing required: ---

Description rypervenche 2015-06-23 17:54:18 UTC
It looks as though there is a security vulnerability in this version.

CVE-2015-3113:
https://helpx.adobe.com/security/products/flash-player/apsb15-14.html

I believe simply changing the version number will work for this :)
Comment 1 Jeroen Roovers gentoo-dev 2015-06-24 04:24:05 UTC
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.468
Targeted stable KEYWORDS : amd64 x86
Comment 2 Agostino Sarubbo gentoo-dev 2015-06-26 08:06:20 UTC
x86 stable
Comment 3 Agostino Sarubbo gentoo-dev 2015-06-26 08:06:46 UTC
amd64 stable.

Maintainer(s), please clean up.
Security, please add it to the existing request, or file a new one.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2015-06-30 00:11:14 UTC
CVE-2015-3113 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3113):
  Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x
  through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468
  on Linux allows remote attackers to execute arbitrary code via unspecified
  vectors, as exploited in the wild in June 2015.
Comment 5 Sergey Popov gentoo-dev 2015-07-01 09:46:12 UTC
Cleanup was done by maintainer

GLSA request filed
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2015-07-10 12:56:48 UTC
This issue was resolved and addressed in
 GLSA 201507-13 at https://security.gentoo.org/glsa/201507-13
by GLSA coordinator Kristian Fiskerstrand (K_F).