Bug 612588 (APSB17-07, CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003)

Summary: <www-plugins/adobe-flash-25.0.0.127: Multiple vulnerabilities
Product: Gentoo Security
Reporter: Thomas Deutschmann (RETIRED) <whissi>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: desktop-misc, jer
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
URL: https://helpx.adobe.com/security/products/flash-player/apsb17-07.html
Whiteboard: A2 [glsa cve]
Package list:
www-plugins/adobe-flash-25.0.0.127 amd64 x86
Runtime testing required: ---

Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-03-14 08:27:34 UTC
Upstream has already released v25.0.0.127. No information available yet.
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-03-14 15:37:35 UTC
From ${URL}:
Vulnerability Details

    These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2017-2997).
    These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2998, CVE-2017-2999).
    These updates resolve a random number generator vulnerability used for constant blinding that could lead to information disclosure (CVE-2017-3000).
    These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-3001, CVE-2017-3002, CVE-2017-3003).

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

    Tao Yan (@Ga1ois) of Palo Alto Networks (CVE-2017-2997, CVE-2017-2998, CVE-2017-2999)
    Wang Chenyu and Wu Hongjun of Nanyang Technological University (CVE-2017-3000)
    Yuki Chen of Qihoo 360 Vulcan Team working with Chromium Vulnerability Rewards Program and Anonymous working with Trend Micro's Zero Day Initiative (CVE-2017-3001)
    Yuki Chen of Qihoo 360 Vulcan Team working with Chromium Vulnerability Rewards Program (CVE-2017-3002, CVE-2017-3003)
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-03-16 08:50:17 UTC
Maintainer already stabilized the package.

New GLSA request filed.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2017-03-19 18:41:11 UTC
This issue was resolved and addressed in GLSA 201703-02 at https://security.gentoo.org/glsa/201703-02 by GLSA coordinator Thomas Deutschmann (whissi).