is acroread really affected by DSA-122 ?
Hello,
acroread was actually removed from Debian because of bug #137997. The
submitter says that acroread is statically linked against zlib, and thus
"This might mean that Acrobat Reader is affected by DSA-122, too."
My question is to know how I can prove that it is affected, or if adobe was
nice enough to use a correct version of the zlib.
I did try to disassemble it (I live in France, so there is no legal issue
for me) using objdump, but i don't manage to read the output.
Here is what nm says:
Reader/intellinux/bin/acroread:083de46c T AS_flate_tr_tally
Reader/intellinux/bin/acroread:0863c960 D AS_flate_z_errmsg
Reader/intellinux/bin/acroread:083dec0c T AS_flate_z_memcmp
Reader/intellinux/bin/acroread:083dec00 T AS_flate_zlibVersion
Reader/intellinux/bin/acroread:0835a310 T ASallocstrcpy
Anyway, I'm not sure disassembling the code to get the value of zlibVersion,
as I first wanted, would be the right solution.
Maybe I should try to do a corrupted pdf file, to see if the problems with
zlib exist here or not.
Any idea ?
Thanks, Mt.
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: