File _patchinfo of Package patchinfo.3801

<patchinfo incident="3801">
  <issue id="1015379" tracker="bnc">VUL-0: EMU: flash-player: december 13 release (APSB16-39)</issue>
  <issue id="2016-7879" tracker="cve" />
  <issue id="2016-7892" tracker="cve" />
  <issue id="2016-7868" tracker="cve" />
  <issue id="2016-7890" tracker="cve" />
  <issue id="2016-7880" tracker="cve" />
  <issue id="2016-7881" tracker="cve" />
  <issue id="2016-7878" tracker="cve" />
  <issue id="2016-7871" tracker="cve" />
  <issue id="2016-7870" tracker="cve" />
  <issue id="2016-7873" tracker="cve" />
  <issue id="2016-7872" tracker="cve" />
  <issue id="2016-7875" tracker="cve" />
  <issue id="2016-7867" tracker="cve" />
  <issue id="2016-7877" tracker="cve" />
  <issue id="2016-7876" tracker="cve" />
  <issue id="2016-7869" tracker="cve" />
  <issue id="2016-7874" tracker="cve" />
  <category>security</category>
  <rating>critical</rating>
  <packager>sbrabec</packager>
  <description>
This update for flash-player fixes the following issues:

- Security update to 24.0.0.186 (bsc#1015379) APSB16-39:
    * These updates resolve use-after-free vulnerabilities that could have
      lead to code execution (CVE-2016-7872, CVE-2016-7877, CVE-2016-7878,
      CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7892).
    * These updates resolve buffer overflow vulnerabilities that could have lead to
      code execution (CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870).
    * These updates resolve memory corruption vulnerabilities that could have lead to
      code execution (CVE-2016-7871, CVE-2016-7873, CVE-2016-7874,
      CVE-2016-7875, CVE-2016-7876).
    * These updates resolve a security bypass vulnerability (CVE-2016-7890).
- Keep standalone flashplayer at version 11, no newer version
  exists (INSECURE!).
- Update EULA to version 24.0.
</description>
  <summary>Security update for flash-player</summary>
</patchinfo>