Summary: | <app-text/acroread-9.4.7 ships bundled (and vulnerable) copies of lib{crypto,ssl}.so.0.9.8 | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Mark Davies <mark> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | b.brachaczek, printing |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Mark Davies
2010-10-11 13:25:56 UTC
sounds like those versions that came in bundled, should be removed from the package... propably vulnerable to several bugs. (In reply to comment #1) > sounds like those versions that came in bundled, should be removed from the > package... propably vulnerable to several bugs. Right. Libraries are removed in acroread-9.4.2-r1. Please however give this a good testing before marking it stable, because I don't really know yet how well our system libraries act as replacement. (Acroread starts up normally and loads them. I'm hoping there won't be any mystery crashes.) Is fixed in stable acroread 9.4.7 (only version in tree). @security: imho this can be resolved. (In reply to comment #3) > Is fixed in stable acroread 9.4.7 (only version in tree). > > @security: imho this can be resolved. Thanks; I agree. @security, feel free to reopen if you disagree. |