This is not a good way to handle a security vulnerability, especially a trivial one with no known exploits. Either mask the package or use the wrapper script in the security focus notice ( http://online.securityfocus.com/archive/1/278984 ). IMHO acroread should be installed anyway, giving the user notice of the bug so they can make the choice on their own. See bug #4657
suggestion taken. I have used the wrapper script in -r6 ebuild AND the package is masked.