Bug 53479 - [Update] ports/print/acroread5 (includes security fix)
Summary: [Update] ports/print/acroread5 (includes security fix)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Trevor Johnson
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-06-19 07:10 UTC by Hideyuki KURASHINA
Modified: 2003-06-25 03:29 UTC (History)
0 users

See Also:

Attachments
file.diff (785 bytes, patch)
2003-06-19 07:10 UTC, Hideyuki KURASHINA 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hideyuki KURASHINA 2003-06-19 07:10:15 UTC 
	According to the

	  Adobe Systems Incorporated Information for VU#200132
	    http://www.kb.cert.org/vuls/id/IAFY-5MCQ4L
	  CERT/CC Vulnerability Note VU#200132
	    http://www.kb.cert.org/vuls/id/200132

	Acrobat Reader before 5.0.7 has a vulnerability that may
	allow remote attackers to execute arbitrary commands on a
	target system.

Fix: Apply followng patch;
Comment 1 Norikatsu Shigemura freebsd_committer freebsd_triage 2003-06-19 07:30:52 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->trevor

Over to maintainer.
Comment 2 Hideyuki KURASHINA 2003-06-20 10:44:54 UTC 
Oops, I forgot to fill following section;

>How-To-Repeat:

	Check

	  [Full-Disclosure] -10Day CERT Advisory on PDF Files
	    http://lists.netsys.com/pipermail/full-disclosure/2003-June/010397.html

	The way describes above can be reproducable in my environment
	(acroread-5.06, linux_base-7.1_3).  acroread-5.07 is not affected
	this vulnerability.

	PS.  ports/converters/base64 will help to decode base64-encoded file
	     attached at that message.


-- rushani
Comment 3 Norikatsu Shigemura freebsd_committer freebsd_triage 2003-06-25 03:29:04 UTC 
State Changed
From-To: open->closed

Committed, thanks!