Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 508986 (CVE-2014-0515) - <www-plugins/adobe-flash-11.2.202.356: buffer overflow (CVE-2014-0515)
Summary: <www-plugins/adobe-flash-11.2.202.356: buffer overflow (CVE-2014-0515)
Status: RESOLVED FIXED
Alias: CVE-2014-0515
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://helpx.adobe.com/security/produ...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-04-28 16:18 UTC by Jeroen Roovers
Modified: 2014-05-03 19:14 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers gentoo-dev 2014-04-28 16:18:49 UTC
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.356
Targeted stable KEYWORDS : amd64 x86
Comment 1 Yury German Gentoo Infrastructure gentoo-dev Security 2014-04-30 04:30:39 UTC
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0515

Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.
Comment 2 Jeroen Roovers gentoo-dev 2014-04-30 05:05:46 UTC
Stable for AMD64 x86.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev Security 2014-05-02 03:55:25 UTC
Arches and Maintainer(s), Thank you for your work.

Added to an existing GLSA request
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-05-03 18:55:44 UTC
CVE-2014-0515 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0515):
  Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through
  13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on
  Linux, allows remote attackers to execute arbitrary code via unspecified
  vectors, as exploited in the wild in April 2014.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2014-05-03 19:14:10 UTC
This issue was resolved and addressed in
 GLSA 201405-04 at http://security.gentoo.org/glsa/glsa-201405-04.xml
by GLSA coordinator Sergey Popov (pinkbyte).