It's Tuesday. No details yet. Ebuild is in the tree.
The upstream bulletin classifies it as priority 3 for the Linux client, so setting A3 for now. The full list of vulnerabilities fixed (but not checked which affect the Linux client 11.x yet):

Vulnerability Details

These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-7659).

These updates resolve a security bypass vulnerability that could be exploited to write arbitrary data to the file system under user permissions (CVE-2015-7662).

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046).

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

Anonymous working with HP's Zero Day Initiative (CVE-2015-7661)
Bilou working with HP's Zero Day Initiative (CVE-2015-7651, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-8042)
Bilou working with HP's Zero Day Initiative, and Natalie Silvanovich of Google Project Zero (CVE-2015-7652)
Jordan Rabet (CVE-2015-7662)
Kenneth Fitch and Aaron Lamb of Endgame (CVE-2015-7663)
Natalie Silvanovich of Google Project Zero (CVE-2015-8043, CVE-2015-8044, CVE-2015-8046)
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.548
Targeted stable KEYWORDS : amd64 x86
(In reply to Kristian Fiskerstrand from comment #1)
> The upstream bulletin classify it as priority 3 for linux client so setting
> A3 for now.

Apart from the priority, which is Adobe internal, since it says code execution I'd set to A2
amd64 stable
(In reply to Agostino Sarubbo from comment #3)
> (In reply to Kristian Fiskerstrand from comment #1)
> > The upstream bulletin classify it as priority 3 for linux client so setting
> > A3 for now.
>
> Apart the priority, which is adobe internal, since it says code execution
> I'd set to A2

I haven't verified that the Linux version is also affected by that CVE, but it's Adobe so ... better be cautious (although it doesn't affect handling anyways)
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Cleanup was done by maintainer, added to GLSA request
This issue was resolved and addressed in GLSA 201511-02 at https://security.gentoo.org/glsa/201511-02 by GLSA coordinator Sergey Popov (pinkbyte).