Upstream has already released v25.0.0.148. No information available yet.
Duplicate of 615292 ?
*** This bug has been marked as a duplicate of bug 615292 ***
(In reply to Harri Nieminen (Moiman) from comment #1) > Duplicate of 615292 ? No, that's backward.
*** Bug 615292 has been marked as a duplicate of this bug. ***
(In reply to Jeroen Roovers from comment #3) > (In reply to Harri Nieminen (Moiman) from comment #1) > > Duplicate of 615292 ? > > No, that's backward. No, that action was intentional given that this bug lacks any information about the vulnerabilities involved. Why would you go ahead and break that? please update with sufficient information in this bug to make it useful when doing so.
CVE-2017-3059 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3059): Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3064 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3064): Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution. CVE-2017-3063 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3063): Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code execution. CVE-2017-3062 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3062): Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbitrary code execution. CVE-2017-3061 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3061): Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution. CVE-2017-3060 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-3060): Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution.
New GLSA request filed.
Downgrading to A2.
This issue was resolved and addressed in GLSA 201704-04 at https://security.gentoo.org/glsa/201704-04 by GLSA coordinator Yury German (BlueKnight).