[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

is acroread really affected by DSA-122 ?


acroread was actually removed from Debian because of bug #137997. The
submitter says that acroread is statically linked against zlib, and thus 
"This might mean that Acrobat Reader is affected by DSA-122, too."

My question is to know how I can prove that it is affected, or if adobe was
nice enough to use a correct version of the zlib.

I did try to disassemble it (I live in France, so there is no legal issue
for me) using objdump, but i don't manage to read the output.

Here is what nm says:
Reader/intellinux/bin/acroread:083de46c T AS_flate_tr_tally
Reader/intellinux/bin/acroread:0863c960 D AS_flate_z_errmsg
Reader/intellinux/bin/acroread:083dec0c T AS_flate_z_memcmp
Reader/intellinux/bin/acroread:083dec00 T AS_flate_zlibVersion
Reader/intellinux/bin/acroread:0835a310 T ASallocstrcpy

Anyway, I'm not sure disassembling the code to get the value of zlibVersion,
as I first wanted, would be the right solution.

Maybe I should try to do a corrupted pdf file, to see if the problems with
zlib exist here or not.

Any idea ?

Thanks, Mt.

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: