Upstream has already released v18.104.22.168. No information available yet.
These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2017-2997).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2998, CVE-2017-2999).
These updates resolve a random number generator vulnerability used for constant blinding that could lead to information disclosure (CVE-2017-3000).
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-3001, CVE-2017-3002, CVE-2017-3003).
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
Tao Yan (@Ga1ois) of Palo Alto Networks (CVE-2017-2997, CVE-2017-2998, CVE-2017-2999)
Wang Chenyu and Wu Hongjun of Nanyang Technological University (CVE-2017-3000)
Yuki Chen of Qihoo 360 Vulcan Team working with Chromium Vulnerability Rewards Program and Anonymous working with Trend Micro's Zero Day Initiative (CVE-2017-3001)
Yuki Chen of Qihoo 360 Vulcan Team working with Chromium Vulnerability Rewards Program (CVE-2017-3002, CVE-2017-3003)
Maintainer already stabilized the package.
New GLSA request filed.
This issue was resolved and addressed in
GLSA 201703-02 at https://security.gentoo.org/glsa/201703-02
by GLSA coordinator Thomas Deutschmann (whissi).