136415 2006-06-11 07:59 0000 app-text/acroread: <7.0.8 unspecified vulnerability ? 2006-08-02 23:46:24 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED INVALID http://www.adobe.com/support/techdocs/327817.html B? [] Falco P2 minor --- 1 falco@gentoo.org security@gentoo.org nelchael@gentoo.org printing@gentoo.org falco@gentoo.org 2006-06-11 07:59:54 0000 http://www.adobe.com/support/techdocs/327817.html says : "Security: several security bug fixes have been made, including one considered critical." for the 7.0.8 update how should we consider this ? In doubt, printing team, could you introduce acroread-7.0.8 into portage of possible ? genstef@gentoo.org 2006-06-17 19:43:58 0000 I added a masked 7.0.8 ebuild because it does not have all localization yet. falco@gentoo.org 2006-06-18 04:31:11 0000 (In reply to comment #1) > I added a masked 7.0.8 ebuild because it does not have all localization yet. > I suppose we can't stabilize this version. Back to [upstream] status in order to wait for a valid upstream version. dercorny@gentoo.org 2006-07-24 09:01:44 0000 ok, we waited long enough. i dont care a lot about localization, imho is security more important. what do you think? frilled@gentoo.org 2006-07-24 21:29:16 0000 Yes, let's shove it out, preferrably with an enotice describing security overrules understandability .-) koon@gentoo.org 2006-07-29 05:41:34 0000 I agree. genstef/printing : please unmask it or advise. genstef@gentoo.org 2006-07-29 07:49:36 0000 adobe has released some language tarballs and I have unmasked the new version - go ahead :) dercorny@gentoo.org 2006-07-29 08:43:59 0000 amd64 and x86, please test and stable 7.0.8, thanks tsunam@gentoo.org 2006-07-30 20:19:25 0000 *thumbs up* It works like it should ^.^; blubb@gentoo.org 2006-07-31 04:38:45 0000 amd64 done koon@gentoo.org 2006-07-31 13:42:35 0000 Voting yes, one unknown critical. vorlon@gentoo.org 2006-07-31 14:00:53 0000 voting yes too (one critical, acroread is widely used) frilled@gentoo.org 2006-07-31 22:06:10 0000 yes jaervosz@gentoo.org 2006-08-01 00:46:39 0000 okokOK:-) jaervosz@gentoo.org 2006-08-02 09:06:41 0000 According to RH CVE-2006-3093 does not affect the Linux version, so I suggest we close this one as INVALID. Comments? frilled@gentoo.org 2006-08-02 09:34:43 0000 Hm, SuSE still released new packages. Do they know something the others don't? http://lists.suse.com/archive/suse-security-announce/2006-Jul/0004.html jaervosz@gentoo.org 2006-08-02 09:52:14 0000 No, they didn't know what others know now. frilled@gentoo.org 2006-08-02 10:54:51 0000 Great, I downloaded that bloat and guess what, there's no changelog/release note inside. Probably to save bandwidth. Ha, ha. Just gotta love them. jaervosz@gentoo.org 2006-08-02 23:46:24 0000 Closing as INVALID. Feel free to reopen if you disagree. Sorry for the noise.