- CVE-2009-1492
The getAnnots Doc method in the JavaScript API in Adobe Reader
and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote
attackers to cause a denial of service (memory corruption) or
execute arbitrary code via a PDF file that contains an
annotation, and has an OpenAction entry with JavaScript code
that calls this method with crafted integer arguments.
- CVE-2009-1493
The customDictionaryOpen spell method in the JavaScript API in
Adobe Reader 8.1.4 and 9.1 on Linux allows remote attackers to
cause a denial of service (memory corruption) or execute
arbitrary code via a PDF file that triggers a call to this
method with a long string in the second argument.
Security: CVE-2009-1492
Security: CVE-2009-1493
Security: http://www.adobe.com/support/security/bulletins/apsb09-06.html
both current (fc4) and future linux (f8) distributions at one
ports tree.
The patch contains full changes to ports/Mk files and all ports involved.
But only infrastructure is changed. The resulting packages are the same as
before. Hence no need to bump PORTREVISIONs.
The idea was taken from bsd.gnome.mk and others.
More than 130 ports are switched to follow a new linux infrastructure
introduced by changes to bsd.port.mk, bsd.linux-rpm.mk and a new
bsd.linux-apps.mk.
Thanks for all who was involved and helped me with this work.
And help from Alexander Leidinger was incredible.
Other changes are coming. Stay tuned!
PR: ports/132510
Submitted by: bsam (me)
Exp-run by: portmgr (pav)
| A critical vulnerability has been identified in Adobe Reader and
| Acrobat 8.1.2. This vulnerability would cause the application to
| crash and could potentially allow an attacker to take control of
| the affected system.
Security: CVE-2008-2641
Security: CVE-2008-0883
Security: http://www.adobe.com/support/security/bulletins/apsb08-15.html
http://blogs.adobe.com/acroread/2008/02/#a005029:
[General Issues]
* Font caching Issues: Various font caching issues are fixed in Reader
8.1.2, including the issue of fonts that were configured using
fontconfig not being picked up by the Reader to render documents
(reported by Novell).
* Problem with Dual-screen setup (Xinerama mode).: Issue number 4
listed on the Known Issues page for Reader 8.1.1.
* Document ordering and fullscreen mode: Issue has been fixed in
Reader 8.1.2.
* Font KozGoProVI-Medium.otf is missing in Japanese Reader: This issue
is fixed in Reader 8.1.2.
[Printing Related Issues]
* Incorrect orientation: Issues with printing PDF files containing
portrait and landscape pages have been fixed in Reader
8.1.2. Choosing "Auto Rotate and Center" will now print the pages in
their inherent orientation.
* Red wash on printing with HP CLJ 2605: A workaround for this has
been added in the preferences
($HOME/.adobe/Acrobat/8.0/Preferences/reader_prefs), namely
"brokenCRDs". This value is set to "false" by default and can be
modified to "true" if one faces the red background issue.
* Scaling issues: Problems with -shrink/-expand options in the command
line (Issue #1 listed on the Known Issues page for Reader 8.1.1) as
well as with "Custom" printing in the dialog have been fixed in
Reader 8.1.2.
* Reader does not remember last chosen printer across sessions: Last
chosen printer is now remembered between different sessions of the
Reader in 8.1.2 release.
* Cannot pipe PDF as input to acroread: PDF contents can be read from
stdin when using the -toPostScript option.
* Hardcoding of printer command: Earlier the printer command was
hardcoded in the reader binary. This has been fixed in Reader 8.1.2
to pick up the command from the PATH environment variable.
languages). Changes from 7.x include:
User Interface:
* New improved UI with more real-estate in terms of page view
space. Only the most commonly used tools are present in the
toolbar by default (and the toolbar can be customized by the
user according to his/her own preference.)
* Sleek design and new stylish user interface
elements (including toolbars, navigation tabs, panes, etc.)
for a more rich user experience.
* Improved launch time and overall performance. Less waiting,
more work.
* Support for Single Document Interface (SDI) mode for improved
usability. Less cluttered, more intuitive.
* Always-available search toolbar (includes find and access to
search pane)
New Features:
* Support for playing Multimedia-enabled PDF documents for
supported media types (linux). Play Real media and more!
* Support for participating in Shared Reviews along with other
users of Adobe Reader 8.x on Unix, and Adobe Reader/Acrobat
8.x on Win/Mac. Collaborate right inside the Reader.
* Improvements in Commenting and Drawing Markup tools.
* New tools such as Loupe Tool, Pan and Zoom. Expand your
horizons, and control what you want to see.
* Support for dynamically rendered bar code generation in forms.
* Updated Review Tracker with inbuilt support for RSS feeds. Use
the Reader as your RSS feed reader!
* New 2D and 3D measuring tools for more accurate control of
architectural drawings.
* Printing: New support for Booklet Printing and Low Resolution
printing of secured documents.
* Significant performance improvement for certain types of forms
via direct rendering for Dynamic Forms.
* Support for documents created with Adobe Acrobat 3D including
navigation, cross-section and rendering.
* Accessibility: Support for Orca.
* Various new additions to the Manage Digital ID feature,
including support for Roaming Credentials, support for
Cryptographic Tokens and Smart Cards (PKCS#11 compliant).
* Support for adding a Digital Signature Field in documents
which have been "Reader Enabled" through Acrobat Professional
on Win/Mac.
* Support for viewing PDF Packages - get an organized view of
your PDFs in a single well-defined interface.
* Support for the PRC format for 3D data.
* Beyond Reader: New help resources that contains up-to-date
information on Adobe products, Adobe Reader and how it can be
used with Adobe¡Çs other products.
* Adobe Help Viewer - a self-contained, one-stop shop for all
help related to the Reader
* Improved Search capabilities, including searching of
sub-documents in a PDF Package, improved searching of
attachments, etc.
