CVE-2009-0198 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0198): Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF file that contains JBIG2 text region segments with Huffman encoding.
CVE-2009-1855 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1855): Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via unspecified vectors.
CVE-2009-1856 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1856): Integer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.
CVE-2009-1857 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1857): Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
CVE-2009-1858 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1858): The JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
CVE-2009-1859 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1859): Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
CVE-2009-1861 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1861): Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file with a JPX (aka JPEG2000) stream that triggers heap memory corruption.
CVE-2009-2028 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2028): Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 have unknown impact and attack vectors, related to "Adobe internally discovered issues."
Tarballs are available on the Adobe mirrors now, I've committed updated ebuilds (8.1.6/9.1.2).
Arches, please test and mark stable:
=app-text/acroread-9.1.2
=app-text/acroread-8.1.6
Target keywords : "amd64 x86"
(In reply to comment #3)
> Arches, please test and mark stable:
> =app-text/acroread-9.1.2
> =app-text/acroread-8.1.6
> Target keywords : "amd64 x86"

Are you sure we should go for the 9 series of Acroread?
Oh no, 9.1.x wasn't stable yet, so I should've asked printing@g.o., of course.
Printing, is it ok to go stable with 9.1.2?

So please only stabilize yet:
=app-text/acroread-8.1.6
(In reply to comment #5)
> Oh no, 9.1.x wasn't stable yet, so I should've asked printing@g.o., of course.
> Printing, is it ok to go stable with 9.1.2?
>
> So please only stabilize yet:
> =app-text/acroread-8.1.6

Done on x86.
(In reply to comment #5)
> Oh no, 9.1.x wasn't stable yet, so I should've asked printing@g.o., of course.
> Printing, is it ok to go stable with 9.1.2?

I'm still a bit unsure about this, but on the other hand, we can't stay forever with Adobe Reader 8.x. The "problem" is Adobe still fails to provide more localized versions of 9.x besides English, German, French and Japanese. But then again we can't do anything about it, so I'd say let's stabilize 9.1.2 too, but keep 8.x in tree and tell users to either complain upstream and/or downgrade to 8.x if they're missing a localized version for their language and can't live with the English one.
x86 stable
amd64 stable
GLSA request filed.
CVE-2009-0509 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0509): Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to execute arbitrary code via a crafted file that triggers memory corruption.
CVE-2009-0510 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0510): Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889.
CVE-2009-0511 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0511): Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889.
CVE-2009-0512 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0512): Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0888, and CVE-2009-0889.
CVE-2009-0888 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0888): Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0889.
CVE-2009-0889 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0889): Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0888.
GLSA 200907-06