
Bug 60205

Summary: app-text/acroread vulnerability in acroread
Product: Gentoo Security
Reporter: bin-doph <bauer>
Component: GLSA Errors
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: schaedpq
Priority: High
Version: unspecified
Hardware: All
OS: All
URL: http://idefense.com/application/poi/display?id=125&type=vulnerabilities&flashstatus=true
Whiteboard: B2 [glsa] jaervosz
Package list:
Runtime testing required: ---

Description bin-doph 2004-08-13 03:09:45 UTC
Hi,

acroread seems vulnerable to this security issue. The current version in portage (5.08) is not confirmed as vulnerable, but it says:

"While it is not clear exactly when the vulnerability was patched, iDEFENSE has tested Adobe Acrobat Reader (UNIX) 5.0.9, which appears to be patched against this vulnerability."

http://idefense.com/application/poi/display?id=125&type=vulnerabilities&flashstatus=true
Comment 1 Tim Yamin (RETIRED) gentoo-dev 2004-08-13 03:23:30 UTC
I've now marked 5.09 stable on x86, security team: please vote on a GLSA.
Comment 2 Tim Yamin (RETIRED) gentoo-dev 2004-08-13 03:33:58 UTC
The README has this to say:

==
New for Acrobat Reader 5.0.9

A security patch was applied that solves a couple of problems
reported with malformed uuencoded pdf files.
==

So < 5.09 should be vulnerable.
Comment 3 schaedpq 2004-08-13 07:19:14 UTC
One of the bugs fixed in 5.09 seems to be this one: 
Shell Metacharacter Code Execution Vulnerability <http://idefense.com/application/poi/display?id=124&type=vulnerabilities>
Might be a good idea to include that vulnerability in the GLSA.
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-14 00:57:49 UTC
I vote for a GLSA on this one and have drafted one already.

Security please review or vote nay to GLSA.

Thx Dominik
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-15 07:58:52 UTC
GLSA 200408-14