Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
Not eligible to see or edit group visibility for this bug.
View Bug Activity | Format For Printing | XML | Clone This Bug
Hi, acroread seems vulnerable to this security-issue. The current version in portage (5.08) is not confirmed as vulnerable, but it says "While it is not clear exactly when the vulnerability was patched, iDEFENSE has tested Adobe Acrobat Reader (UNIX) 5.0.9, which appears to be patched against this vulnerability." http://idefense.com/application/poi/display?id=125&type=vulnerabilities&flashstatus=true
I've now marked 5.09 stable on x86, security team: please vote on a GLSA.
The README has this to say: == New for Acrobat Reader 5.0.9 A security patch was applied that solves a couple of problems reported with malformed uuencoded pdf files. == So < 5.09 should be vulnerable.
One of the bugs fixed in 5.09 seems to be this one: Shell Metacharacter Code Execution Vulnerability <http://idefense.com/application/poi/display?id=124&type=vulnerabilities> Might be a good idea to include that vulnerability in the GLSA.
I vote for a GLSA on this one and have drafted one already. Security please review or vote nay to GLSA. Thx Dominik
GLSA 200408-14
