From upstream advisory at $URL: SUMMARY Adobe released security updates for Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for Linux, and Adobe Acrobat X (10.1.2) and earlier versions for Windows and Macintosh. These updates address vulnerabilities in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system. Adobe recommends users of Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1.3). For users of Adobe Reader 9.5 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1.3), Adobe has made available the update Adobe Reader 9.5.1. Adobe recommends users of Adobe Reader 9.4.6 and earlier versions for Linux update to Adobe Reader 9.5.1. Adobe recommends users of Adobe Acrobat X (10.1.2) for Windows and Macintosh update to Adobe Acrobat X (10.1.3). Adobe recommends users of Adobe Acrobat 9.5 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.5.1.
@printing: The advisory says 9.4.6 and earlier for Linux, but is 9.4.7 not affected, or will you bump to 9.5.1? Can you check, please?
(In reply to comment #1)
> @printing:
>
> the advisory says 9.4.6 and earlier for linux but is 9.4.7 not affected or
> you will bump 9.5.1? can you check please?

It's pretty much unclear from the advisory. Anyway, I've bumped to 9.5.1, and recommend you test and stabilize. Seems to work fine here.
OK, in any case 9.5.1 is unaffected, and as upstream recommends, I'd say to stabilize it. @security: are you OK with this choice?
Yeah... Arches, please test and mark stable:
=app-text/acroread-9.5.1
Target keywords : "amd64 x86"
x86 stable, thanks!
amd64 ok
CVE-2012-0777 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0777): The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2012-0776 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0776): The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors.
CVE-2012-0775 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0775): The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2012-0774 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0774): Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font.
amd64 stable
glsa request filed
Vulnerable version removed from the tree. Thanks everyone!
This issue was resolved and addressed in GLSA 201206-14 at http://security.gentoo.org/glsa/glsa-201206-14.xml by GLSA coordinator Sean Amoss (ackle).