Upstream has already released v25.0.0.127. No information available yet.
From ${URL}: Vulnerability Details These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2017-2997). These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2998, CVE-2017-2999). These updates resolve a random number generator vulnerability used for constant blinding that could lead to information disclosure (CVE-2017-3000). These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-3001, CVE-2017-3002, CVE-2017-3003). Acknowledgments Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers: Tao Yan (@Ga1ois) of Palo Alto Networks (CVE-2017-2997, CVE-2017-2998, CVE-2017-2999) Wang Chenyu and Wu Hongjun of Nanyang Technological University (CVE-2017-3000) Yuki Chen of Qihoo 360 Vulcan Team working with Chromium Vulnerability Rewards Program and Anonymous working with Trend Micro's Zero Day Initiative (CVE-2017-3001) Yuki Chen of Qihoo 360 Vulcan Team working with Chromium Vulnerability Rewards Program (CVE-2017-3002, CVE-2017-3003)
Maintainer already stabilized the package. New GLSA request filed.
This issue was resolved and addressed in GLSA 201703-02 at https://security.gentoo.org/glsa/201703-02 by GLSA coordinator Thomas Deutschmann (whissi).
