Bug 136415 - app-text/acroread: <7.0.8 unspecified vulnerability ?
Bug#: 136415 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: minor Priority: P2
Resolution: INVALID Assigned To: security@gentoo.org Reported By: falco@gentoo.org
Component: Vulnerabilities
URL:  http://www.adobe.com/support/techdocs/327817.html
Summary: app-text/acroread: <7.0.8 unspecified vulnerability ?
Keywords:  
Status Whiteboard: B? [] Falco
Opened: 2006-06-11 07:59 0000
Description:   Opened: 2006-06-11 07:59 0000 
http://www.adobe.com/support/techdocs/327817.html says :

"Security: several security bug fixes have been made, including one considered
critical."

for the 7.0.8 update

how should we consider this ?
In doubt, printing team, could you introduce acroread-7.0.8 into portage of
possible ?

------- Comment #1 From Stefan Schweizer 2006-06-17 19:43:58 0000 ------- 
I added a masked 7.0.8 ebuild because it does not have all localization yet.

------- Comment #2 From Raphael Marichez 2006-06-18 04:31:11 0000 ------- 
(In reply to comment #1)
> I added a masked 7.0.8 ebuild because it does not have all localization yet.
> 

I suppose we can't stabilize this version.

Back to [upstream] status in order to wait for a valid upstream version.

------- Comment #3 From Stefan Cornelius (RETIRED) 2006-07-24 09:01:44 0000 ------- 
ok, we waited long enough. i dont care a lot about localization, imho is
security more important. what do you think?

------- Comment #4 From Wolf Giesen (RETIRED) 2006-07-24 21:29:16 0000 ------- 
Yes, let's shove it out, preferrably with an enotice describing security
overrules understandability .-)

------- Comment #5 From Thierry Carrez (RETIRED) 2006-07-29 05:41:34 0000 ------- 
I agree.
genstef/printing : please unmask it or advise.

------- Comment #6 From Stefan Schweizer 2006-07-29 07:49:36 0000 ------- 
adobe has released some language tarballs and I have unmasked the new version -
 go ahead :)

------- Comment #7 From Stefan Cornelius (RETIRED) 2006-07-29 08:43:59 0000 ------- 
amd64 and x86, please test and stable 7.0.8, thanks

------- Comment #8 From Joshua Jackson 2006-07-30 20:19:25 0000 ------- 
*thumbs up* It works like it should ^.^;

------- Comment #9 From Simon Stelling (RETIRED) 2006-07-31 04:38:45 0000 ------- 
amd64 done

------- Comment #10 From Thierry Carrez (RETIRED) 2006-07-31 13:42:35 0000 ------- 
Voting yes, one unknown critical.

------- Comment #11 From Matthias Geerdsen 2006-07-31 14:00:53 0000 ------- 
voting yes too (one critical, acroread is widely used)

------- Comment #12 From Wolf Giesen (RETIRED) 2006-07-31 22:06:10 0000 ------- 
yes

------- Comment #13 From Sune Kloppenborg Jeppesen 2006-08-01 00:46:39 0000 ------- 
okokOK:-)

------- Comment #14 From Sune Kloppenborg Jeppesen 2006-08-02 09:06:41 0000 ------- 
According to RH CVE-2006-3093 does not affect the Linux version, so I suggest
we close this one as INVALID.

Comments?

------- Comment #15 From Wolf Giesen (RETIRED) 2006-08-02 09:34:43 0000 ------- 
Hm, SuSE still released new packages. Do they know something the others don't?

http://lists.suse.com/archive/suse-security-announce/2006-Jul/0004.html

------- Comment #16 From Sune Kloppenborg Jeppesen 2006-08-02 09:52:14 0000 ------- 
No, they didn't know what others know now.

------- Comment #17 From Wolf Giesen (RETIRED) 2006-08-02 10:54:51 0000 ------- 
Great, I downloaded that bloat and guess what, there's no changelog/release
note inside. Probably to save bandwidth. Ha, ha. Just gotta love them.

------- Comment #18 From Sune Kloppenborg Jeppesen 2006-08-02 23:46:24 0000 ------- 
Closing as INVALID.

Feel free to reopen if you disagree.

Sorry for the noise.