Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 60205 - app-text/acroread vulnerability in acroread
Summary: app-text/acroread vulnerability in acroread
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: GLSA Errors (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
URL: http://idefense.com/application/poi/d...
Whiteboard: B2 [glsa] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2004-08-13 03:09 UTC by bin-doph
Modified: 2004-08-15 07:58 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description bin-doph 2004-08-13 03:09:45 UTC
Hi,

acroread seems vulnerable to this security-issue. The current version in portage (5.08) is not confirmed as vulnerable, but it says 

"While it is not clear exactly when the vulnerability was patched, iDEFENSE has tested Adobe Acrobat Reader (UNIX) 5.0.9, which appears to be patched against this vulnerability."

http://idefense.com/application/poi/display?id=125&type=vulnerabilities&flashstatus=true
Comment 1 Tim Yamin (RETIRED) gentoo-dev 2004-08-13 03:23:30 UTC
I've now marked 5.09 stable on x86, security team: please vote on a GLSA.
Comment 2 Tim Yamin (RETIRED) gentoo-dev 2004-08-13 03:33:58 UTC
The README has this to say:

==
New for Acrobat Reader 5.0.9

A security patch was applied that solves a couple of problems
reported with malformed uuencoded pdf files.
==

So < 5.09 should be vulnerable.
Comment 3 schaedpq 2004-08-13 07:19:14 UTC
One of the bugs fixed in 5.09 seems to be this one: 
Shell Metacharacter Code Execution Vulnerability <http://idefense.com/application/poi/display?id=124&type=vulnerabilities>
Might be a good idea to include that vulnerability in the GLSA.
Comment 4 Sune Kloppenborg Jeppesen gentoo-dev 2004-08-14 00:57:49 UTC
I vote for a GLSA on this one and have drafted one already.

Security please review or vote nay to GLSA.

Thx Dominik
Comment 5 Sune Kloppenborg Jeppesen gentoo-dev 2004-08-15 07:58:52 UTC
GLSA 200408-14