Bug 390149 (CVE-2011-2445) - <www-plugins/adobe-flash-11.1.102.55 : Multiple vulnerabilities (CVE-2011-{2445,2450,2451,2452,2453,2454,2455,2456,2457,2458,2459,2460})
Status: RESOLVED FIXED
Alias: CVE-2011-2445
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://www.adobe.com/support/securit...
Whiteboard: B2 [glsa]
Duplicates: 390411
Reported: 2011-11-11 03:45 UTC by Tim Sammut (RETIRED)
Modified: 2012-04-17 23:47 UTC
Description Tim Sammut (RETIRED) gentoo-dev 2011-11-11 03:45:30 UTC
From $URL:

Critical vulnerabilities have been identified in Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.0.1.153 and earlier versions for Android. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.55.

@Lack, @desktop-misc, please bump (again ;). Thank you!
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2011-11-13 15:42:45 UTC
*** Bug 390411 has been marked as a duplicate of this bug. ***
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2011-11-16 23:42:41 UTC
CVE-2011-2460 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2460):
  Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on
  Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and
  Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or
  cause a denial of service (memory corruption) via unspecified vectors, a
  different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,
  CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459.

CVE-2011-2459 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2459):
  Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on
  Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and
  Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or
  cause a denial of service (memory corruption) via unspecified vectors, a
  different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,
  CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2460.

CVE-2011-2458 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2458):
  Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on
  Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and
  Adobe AIR before 3.1.0.4880, when Internet Explorer is used, allows remote
  attackers to bypass the cross-domain policy via a crafted web site.

CVE-2011-2457 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2457):
  Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and
  11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before
  11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to
  execute arbitrary code via unspecified vectors.

CVE-2011-2456 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2456):
  Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before
  11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59
  on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute
  arbitrary code via unspecified vectors.

CVE-2011-2455 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2455):
  Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on
  Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and
  Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or
  cause a denial of service (memory corruption) via unspecified vectors, a
  different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,
  CVE-2011-2453, CVE-2011-2454, CVE-2011-2459, and CVE-2011-2460.

CVE-2011-2454 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2454):
  Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on
  Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and
  Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or
  cause a denial of service (memory corruption) via unspecified vectors, a
  different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,
  CVE-2011-2453, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.

CVE-2011-2453 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2453):
  Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on
  Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and
  Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or
  cause a denial of service (memory corruption) via unspecified vectors, a
  different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452,
  CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.

CVE-2011-2452 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2452):
  Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on
  Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and
  Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or
  cause a denial of service (memory corruption) via unspecified vectors, a
  different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2453,
  CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.

CVE-2011-2451 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2451):
  Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on
  Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and
  Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or
  cause a denial of service (memory corruption) via unspecified vectors, a
  different vulnerability than CVE-2011-2445, CVE-2011-2452, CVE-2011-2453,
  CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.

CVE-2011-2450 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2450):
  Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on
  Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and
  Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or
  cause a denial of service (heap memory corruption) via unspecified vectors.

CVE-2011-2445 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2445):
  Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on
  Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and
  Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or
  cause a denial of service (memory corruption) via unspecified vectors, a
  different vulnerability than CVE-2011-2451, CVE-2011-2452, CVE-2011-2453,
  CVE-2011-2454, CVE-2011-2455, CVE-2011-2459, and CVE-2011-2460.
Comment 3 Eugeny Shkrigunov 2011-11-27 05:28:01 UTC
This security bug was fixed in other distributions weeks ago.
Any progress here?
Comment 4 Teika kazura 2011-11-28 01:31:34 UTC
The status is "in progress", but if it's not, it's wrong.

Thanks a lot for your effort, developers.
Comment 5 Jim Ramsay (lack) (RETIRED) gentoo-dev 2011-11-28 15:58:30 UTC
Sorry for the delay!

Adobe's latest =www-plugins/adobe-flash-11.1.102.55 is in the tree which should address all (known) vulnerabilities.

As usual, no need to wait 30 days before stabilization.
Comment 6 Agostino Sarubbo gentoo-dev 2011-11-28 16:02:29 UTC
(In reply to comment #4)
> Thanks a lot for your effort, developers.
Do not forget that there is no business and we spend our free time. Feel free to join as developer ;)

(In reply to comment #5)
> Sorry for the delay!
np, thanks.


Arches, please test and mark stable:
=www-plugins/adobe-flash-11.1.102.55
Target keywords : "amd64 x86"
Comment 7 Agostino Sarubbo gentoo-dev 2011-11-28 19:14:21 UTC
amd64/x86 ok
Comment 8 Jeff (JD) Horelick (RETIRED) gentoo-dev 2011-11-28 19:29:47 UTC
Archtested on x86: Everything fine
Comment 9 Eugeny Shkrigunov 2011-11-29 04:07:16 UTC
(In reply to comment #6)
> Do not forget that there is no business and we spend our free time. Feel free
> to join as developer ;)

We remember and appreciate it. Thank you very much.
Comment 10 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-12-01 19:34:13 UTC
x86 stable
Comment 11 Teika kazura 2011-12-02 00:36:11 UTC
(In reply to comment #6)
Sorry if I sounded demanding.

What I wanted to say was: it's better to share the accurate status, especially for security issues. (tl;dr: I know it's not an easy task for developers, nor for Gentoo devs as a whole. In your life suddenly things intervene, then comes next... I'm sorry I don't have any clue how it can be facilitated.)

> Feel free to join as developer ;)
I'd worked as a Sawfish WM developer for 2.5 years. I reckon mine was child's play compared to yours, but it was tough enough for me. ;)

Best wishes to all.
Comment 12 Elijah "Armageddon" El Lazkani (amd64 AT) 2011-12-02 04:09:43 UTC
amd64: pass
Comment 13 Steve Dibb (RETIRED) gentoo-dev 2011-12-02 19:22:42 UTC
amd64 stable
Comment 14 Agostino Sarubbo gentoo-dev 2011-12-02 19:37:49 UTC
Thanks all, filed glsa request.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2012-04-17 23:47:03 UTC
This issue was resolved and addressed in
 GLSA 201204-07 at http://security.gentoo.org/glsa/glsa-201204-07.xml
by GLSA coordinator Sean Amoss (ackle).