Bug 484512 (CVE-2013-3361) - <www-plugins/adobe-flash-11.2.202.310 : Multiple Vulnerabilities (CVE-2013-{3361,3362,3363,5324})
Summary: <www-plugins/adobe-flash-11.2.202.310 : Multiple Vulnerabilities (CVE-2013-{3...
Status: RESOLVED FIXED
Alias: CVE-2013-3361
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://secunia.com/advisories/54697/
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-09-10 19:15 UTC by Agostino Sarubbo
Modified: 2013-09-14 02:54 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2013-09-10 19:15:10 UTC
From ${URL} :

Description

Multiple vulnerabilities have been reported in Adobe Flash Player and Adobe AIR, which can be exploited by malicious people to compromise a user's system.

1) An unspecified error can be exploited to cause memory corruption.

2) Another unspecified error can be exploited to cause memory corruption.

3) Another unspecified error can be exploited to cause memory corruption.

4) Another unspecified error can be exploited to cause memory corruption.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in the following versions and products:
* Adobe Flash Player versions 11.8.800.94 and prior for Windows and Macintosh
* Adobe Flash Player versions 11.2.202.297 and prior for Linux
* Adobe Flash Player versions 11.1.115.69 and prior for Android 4.x
* Adobe Flash Player versions 11.1.111.64 and prior for Android 3.x and 2.x
* Adobe AIR versions 3.8.0.870 and earlier for Windows and Android
* Adobe AIR versions 3.8.0.910 and earlier for Macintosh
* Adobe AIR SDK & Compiler versions 3.8.0.870 and earlier for Windows
* Adobe AIR SDK & Compiler versions 3.8.0.910 and earlier for Macintosh


Solution:
Update to a fixed version.

Further details available to Secunia VIM customers

Provided and/or discovered by:
The vendor credits Mateusz Jurczyk and Ben Hawkes, Google Security Team

Original Advisory:
http://www.adobe.com/support/security/bulletins/apsb13-21.html




@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2013-09-11 01:44:11 UTC
http://www.adobe.com/support/security/bulletins/apsb13-21.html
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2013-09-11 01:49:32 UTC
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.310
Targeted stable KEYWORDS : -* amd64 x86
Comment 3 Sergey Popov (RETIRED) gentoo-dev 2013-09-11 09:05:00 UTC
amd64/x86 stable

Added to existing GLSA draft
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-09-12 22:45:46 UTC
CVE-2013-5324 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5324):
  Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on
  Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on
  Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before
  3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers
  to execute arbitrary code or cause a denial of service (memory corruption)
  via unspecified vectors, a different vulnerability than CVE-2013-3361,
  CVE-2013-3362, and CVE-2013-3363.

CVE-2013-3363 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3363):
  Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on
  Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on
  Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before
  3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers
  to execute arbitrary code or cause a denial of service (memory corruption)
  via unspecified vectors, a different vulnerability than CVE-2013-3361,
  CVE-2013-3362, and CVE-2013-5324.

CVE-2013-3362 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3362):
  Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on
  Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on
  Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before
  3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers
  to execute arbitrary code or cause a denial of service (memory corruption)
  via unspecified vectors, a different vulnerability than CVE-2013-3361,
  CVE-2013-3363, and CVE-2013-5324.

CVE-2013-3361 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3361):
  Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on
  Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on
  Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before
  3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers
  to execute arbitrary code or cause a denial of service (memory corruption)
  via unspecified vectors, a different vulnerability than CVE-2013-3362,
  CVE-2013-3363, and CVE-2013-5324.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2013-09-14 02:54:59 UTC
This issue was resolved and addressed in GLSA 201309-06 at http://security.gentoo.org/glsa/glsa-201309-06.xml by GLSA coordinator Sean Amoss (ackle).