From the upstream advisory at $URL:
Adobe released security updates for Adobe Flash Player 126.96.36.199 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 188.8.131.52 and earlier versions for Android 4.x, and Adobe Flash Player 184.108.40.206 and earlier versions for Android 3.x and 2.x. These updates address an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system.
There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only.
Adobe recommends users of Adobe Flash Player 220.127.116.11 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 18.104.22.168. Flash Player installed with Google Chrome was updated automatically, so no user action is required.
Just bumped flash to 22.214.171.124.
As usual, stabilize any time.
Arches, please test and mark stable:
Target keywords : "amd64 x86"
amd64 done. Thanks Elijah
I'm can't see problems for x86, tried run under firefox and chromium: all well.
Please mark stable.
x86 stable, thanks Mikle.
Adobe Flash Player before 10.3.183.19 and 11.x before 126.96.36.199 on
Windows, Mac OS X, and Linux; before 188.8.131.52 on Android 2.x and 3.x; and
before 184.108.40.206 on Android 4.x allows remote attackers to execute
arbitrary code via a crafted file, related to an "object confusion
vulnerability," as exploited in the wild in May 2012.
Thanks, folks. Already in GLSA request.
This issue was resolved and addressed in
GLSA 201206-21 at http://security.gentoo.org/glsa/glsa-201206-21.xml
by GLSA coordinator Sean Amoss (ackle).