From secunia security advisory at $URL: Description: The vulnerability is caused due to an unspecified error when handling U3D data. No further information is currently available. The vulnerability is reported in: * Adobe Reader versions 9.4.6 and prior for Windows, Macintosh, and UNIX. Solution: Do not open untrusted PDF files. A fix is scheduled to be released for Adobe Reader and Acrobat 9.x for Windows in the week of December 12, 2011.
CVE-2011-2462 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2462): Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
https://www.adobe.com/support/security/bulletins/apsb11-30.html Adobe has released reader 9.4.7 for linux. ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/ Please bump; thanks!
*** Bug 398303 has been marked as a duplicate of this bug. ***
Just bumped to app-text/acroread-9.4.7 (english only, same as 9.4.6). It might be a good idea to fast-stabilize that (missing localization does not really count with that list of CVE's). Please ignore the repoman warning (there is no src_prepare, and just starting one for the sed call does not make sense).
Thank you. Arches, please test and mark stable: =app-text/acroread-9.4.7 Target keywords : "amd64 x86"
x86: is ok
x86 stable
amd64 stable
added to existing glsa request
Thanks everyone. Vulnerable version has been removed from the tree.
This issue was resolved and addressed in GLSA 201201-19 at http://security.gentoo.org/glsa/glsa-201201-19.xml by GLSA coordinator Alex Legler (a3li).
CVE-2011-4369 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4369): Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.