Bug 618212 - Adobe Reader (acroread) on Factory: Update to security-fixed version
Status: VERIFIED FIXED
Alias: None
Product: openSUSE 11.3
Classification: openSUSE
Component: Commercial
Version: Factory
Hardware: Other Other
Priority/Severity: P5 - None : Major
Target Milestone: ---
Assignee: Bin Li
QA Contact: E-mail List
Keywords: security
Reported: 2010-06-29 10:32 UTC by Tobias Burnus
Modified: 2010-07-21 06:53 UTC
Description Tobias Burnus 2010-06-29 10:32:14 UTC
User-Agent:       Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3

Note: This is for the openSUSE Factory version, i.e.
  http://download.opensuse.org/factory/repo/non-oss/suse/i586/
which currently ships 9.3.2 - and for which to my knowledge the normal package maintainer is responsible.
(For the released products, the security team is responsible - and I assume they are already waiting for Adobe to release the update.)


Today, a security update for Adobe Reader 9.3.2 will be released, which fixes several critical security problems, in particular CVE-2010-1297 (crash and potentially allows an attacker to take control of the affected system). This is the Adobe Reader fix for an issue which is already exploited for Flash Player (fixed for Factory & released products). Security advisory:

  http://www.adobe.com/support/security/bulletins/apsb10-15.html

Thanks for the timely security update!

Reproducible: Always
Comment 1 Tobias Burnus 2010-06-29 18:56:51 UTC
The update is (now) available at
  http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix

As the openSUSE 11.3 release is happening soon, I would really like to see this update be included also on the DVDs.
Comment 2 Tobias Burnus 2010-06-29 20:10:58 UTC
Or from the FTP server: ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/9.3.3/

Release notes (http://kb2.adobe.com/cps/837/cpsid_83708.html):
  - Enhancements for security (including a zero-day fix)
  - performance enhancements
  - bug fixes
  - improved browser support,
  - and Updater improvements.
Details: http://kb2.adobe.com/cps/837/cpsid_83708/attachments/Acrobat_Reader_ReleaseNote_9.3.3_8.2.3.pdf
Comment 3 Bin Li 2010-06-30 09:21:28 UTC
Hi,
 Downloading it now, thanks! It's a little slow to download; I'll finish
it tomorrow.
Comment 4 Bin Li 2010-06-30 09:22:15 UTC
Assign to me first.
Comment 5 Ludwig Nussel 2010-07-01 07:47:26 UTC
Red Hat has released updates.
Comment 7 Bin Li 2010-07-02 07:19:10 UTC
Done.
And already accepted by factory.
Comment 8 Tobias Burnus 2010-07-13 14:18:58 UTC
REOPEN  (reminder: 9.3.3 = new, 9.3.2 = old)

The files are still not on the FTP server:
  http://download.opensuse.org/factory/repo/non-oss/suse/i586/
has only  acroread-9.3.2-1.5.i586.rpm

The files are available for  11.3
  http://download.opensuse.org/distribution/11.3/repo/non-oss/suse/i586/
has acroread-9.3.3-2.1.i586.rpm

If one looks at the build server, one finds the 9.3.3 package - thus, this is not a package building but a package distribution problem.

https://build.opensuse.org/package/show?package=acroread&project=openSUSE%3AFactory%3ANonFree
Comment 9 Tobias Burnus 2010-07-21 06:53:13 UTC
Now the package is finally available on Factory. Thus, close as fixed.

http://download.opensuse.org/factory/repo/non-oss/suse/i586/ has
   acroread-9.3.3-1.1.i586.rpm    02-Jul-2010 17:14
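
The check done by hand in comments 8 and 9, as an added example that is not part of the original bug thread: it parses a repository listing for `acroread` RPMs and flags any older than 9.3.3. The listings are constructed from the file names quoted above; `audit`, `vercmp` and the `acroread-cmaps` entry are assumptions for illustration, and the version compare is a simplified form of rpm's ordering.

```python
import re

FIXED = "9.3.3"  # per the thread: 9.3.3 = new (fixed), 9.3.2 = old

# name-version-release.arch.rpm; version and release never contain "-"
RPM_RE = re.compile(
    r"(?P<name>[\w.+-]+)-(?P<ver>[^-\s\"<>/]+)-(?P<rel>[^-\s\"<>/]+)"
    r"\.(?P<arch>\w+)\.rpm")

def vercmp(a, b):
    """Simplified rpm-style compare (no epoch, '~' or '^' handling)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment wins
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(listing, package="acroread", fixed=FIXED):
    """Return (files found, files older than `fixed`, verdict)."""
    found = sorted({m.group(0) for m in RPM_RE.finditer(listing)
                    if m["name"] == package})
    stale = [f for f in found
             if vercmp(RPM_RE.fullmatch(f)["ver"], fixed) < 0]
    # An empty listing is a failure too: nothing proves the fix shipped.
    return found, stale, bool(found) and not stale

# Constructed listings built from the file names quoted in comments 8 and 9.
# acroread-cmaps is a constructed neighbour that must not match "acroread".
FACTORY_JUL13 = ('<a href="acroread-9.3.2-1.5.i586.rpm">'
                 'acroread-9.3.2-1.5.i586.rpm</a>')
DIST_11_3 = "acroread-9.3.3-2.1.i586.rpm"
FACTORY_JUL21 = ("acroread-9.3.3-1.1.i586.rpm    02-Jul-2010 17:14\n"
                 "acroread-cmaps-9.2.0-1.1.noarch.rpm\n")

if __name__ == "__main__":
    for label, text in (("factory 07-13", FACTORY_JUL13),
                        ("11.3", DIST_11_3),
                        ("factory 07-21", FACTORY_JUL21)):
        found, stale, ok = audit(text)
        print(f"{label}: found={found} stale={stale} ok={ok}")
```

Comparing what the repository actually serves against the fixed version, rather than what the build service shows, is what separates the distribution problem in comment 8 from a build problem.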