"Users of Adobe Flash Player 11.2.202.356 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.359."
Arch teams, please test and mark stable:
=www-plugins/adobe-flash-11.2.202.359
Targeted stable KEYWORDS : amd64 x86
CVE-2014-0510 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0510): Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Zeguang Zhao and Liang Chen during a Pwn2Own competition at CanSecWest 2014.
amd64/x86 stable. @jer, cleanup, please
glsa request filed.
> Whiteboard: ?? [cleanup/glsa?] → B2 [cleanup/glsa]
adobe-flash is valuated as A
CVE-2014-0520 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0520): Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0518, and CVE-2014-0519.
CVE-2014-0519 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0519): Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0518, and CVE-2014-0520.
CVE-2014-0518 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0518): Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0519, and CVE-2014-0520.
CVE-2014-0517 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0517): Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0518, CVE-2014-0519, and CVE-2014-0520.
CVE-2014-0516 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0516): Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow remote attackers to bypass the Same Origin Policy via unspecified vectors.
This issue was resolved and addressed in GLSA 201406-08 at http://security.gentoo.org/glsa/glsa-201406-08.xml by GLSA coordinator Mikle Kolyada (Zlogene).