Re: Arcoread7 secutiry vulnerability
From: Ian Moore (imoore_at_swiftdsl.com.au)
To: "Simon L. Nielsen" <firstname.lastname@example.org> Date: Mon, 29 Aug 2005 20:23:01 +0930
On Monday 29 August 2005 06:32, Simon L. Nielsen wrote:
> On 2005.08.28 13:43:26 +0200, Simon L. Nielsen wrote:
> > On 2005.08.28 15:25:25 +0400, Boris Samorodov wrote:
> > > On Sun, 28 Aug 2005 13:13:18 +0200 Simon L. Nielsen wrote:
> > > > You are mixing up two different vulnerabilities . The
> > > > vulnerability fixed by the 7.0.1 upgrade was "acroread -- plug-in
> > > > buffer overflow vulnerability" . The vulnerability portaudit is
> > > > warning you about is "acroread -- XML External Entity vulnerability"
> > > > . As far as I know Adobe has not released any fix for the Linux
> > > > version of Adobe Reader for .
> > > >
> > > >  http://www.vuxml.org/freebsd/pkg-acroread7.html
> > > > 
> > > > http://www.vuxml.org/freebsd/f74dc01b-0e83-11da-bc08-0001020eed82.htm
> > > >l 
> > > > http://www.vuxml.org/freebsd/02bc9b7c-e019-11d9-a8bd-000cf18bbe54.htm
> > > >l
> > >
> > > Well, I think that Linux version is not suffered from CAN-2005-1306:
> > > http://www.adobe.com/support/techdocs/331710.html
> > >
> > > Platforms affected are Windows and Mac OS. Am I missing something?
> > Adobe does not list the Linux version as affected, but the original
> > reporter of the problem does list the Linux version as affected, at
> > http://shh.thathost.com/secadv/adobexxe/ . In these cases we prefer
> > err on the side of caution and will rather list a package as affected,
> > even if it's not, rather than not listing a package that turn out to
> > be affected.
> > I have just written a mail to the original reporter of the problem to
> > try to clarify the issue.
> I just got a mail back from Sverre H. Huseby and he says that the
> Linux version indeed was affected, but 7.0.1 seems to be fixed, so I
> marked it as fixed in VuXML.
Thanks for clearing that up!
-- Ian Moore GPG Key: http://home.swiftdsl.com.au/~imoore/imoore-swift.asc
- application/pgp-signature attachment: stored