CVE-2009-0658 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0658): Buffer overflow in Adobe Reader 9.0 and earlier and Acrobat 9.0 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call, as exploited in the wild in February 2009 by Trojan.Pidief.E.
NOTE: The vendor is in the process of fixing this issue and will release first fixes by March 11, 2009.
updates are available for windows now: http://www.adobe.com/support/security/bulletins/apsb09-04.html "Adobe now plans to make available Adobe Reader 9.1 and Adobe Reader 8.1.4 for Unix by March 24."
CVE-2009-0927 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0927): Unspecified vulnerability in Adobe Reader and Adobe Acrobat 9.1 and 7.1.1 allows remote attackers to execute arbitrary code via unknown vectors related to a JavaScript method and input validation, a different vulnerability than CVE-2009-0658.
CVE-2009-0193 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0193): Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-1061 and CVE-2009-1062. CVE-2009-0928 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0928): Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an unspecified table. CVE-2009-1061 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1061): Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-0193 and CVE-2009-1062. CVE-2009-1062 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1062): Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 might allow remote attackers to execute arbitrary code via unknown attack vectors related to JBIG2 and "input validation," a different vulnerability than CVE-2009-0193 and CVE-2009-1061.
Updates are released: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix
app-text/acroread-{8.1.4, 9.1} are in CVS now. I'd suggest to stabilize 8.1.4 first since Adobe didn't release 9.1 for all languages yet.
Arches, please test and mark stable: =app-text/acroread-8.1.4 Target keywords : "amd64 x86"
amd64 stable
x86, ping
pong, x86 stable
GLSA request filed.
GLSA 200904-17.
