Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 557342 (CVE-2015-3107) - <www-plugins/adobe-flash-11.2.202.508: multiple vulnerabilities (CVE-2015-{3107,5124,5125,5127,5128,5129,5130,5131,5132,5133,5134,5539,5540,5541,5544,5545,5546,5547,5548,5549,5550,5551,5552,5553,5554,5555,5556,5557,5558,5559,5560,5561,5562,5563,5564})
Summary: <www-plugins/adobe-flash-11.2.202.508: multiple vulnerabilities (CVE-2015-{31...
Status: RESOLVED FIXED
Alias: CVE-2015-3107
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://helpx.adobe.com/security/prod...
Whiteboard: B2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-08-12 05:25 UTC by Jeroen Roovers
Modified: 2015-08-15 12:00 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers gentoo-dev 2015-08-12 05:25:17 UTC
CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563, CVE-2015-5564

Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.508
Targeted stable KEYWORDS : amd64 x86
Comment 1 Agostino Sarubbo gentoo-dev 2015-08-12 08:10:59 UTC
amd64 stable
Comment 2 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-08-12 11:13:50 UTC
x86 stable.

Please, cleanup!
Comment 3 Yury German Gentoo Infrastructure gentoo-dev Security 2015-08-15 04:42:45 UTC
Arches and Maintainer(s), Thank you for your work.
Added to an existing GLSA Request.

Also the following was added to the URL above, adjusting accordingly:
August 12, 2015: Added a reference to CVE-2015-5565, a use-after-free issue similar to CVE-2015-3107.  A fix for CVE-2015-3107 was introduced in APSB15-11, and has been strengthened in APSB15-19.  Also, removed CVE-2015-5128, which was previously assessed to be a Type Confusion issue and has been re-classified as a non-exploitable crash due to a null pointer exception.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev Security 2015-08-15 12:00:42 UTC
This issue was resolved and addressed in
 GLSA 201508-01 at https://security.gentoo.org/glsa/201508-01
by GLSA coordinator Yury German (BlueKnight).