is acroread really affected by DSA-122 ?

To: debian-security@lists.debian.org
Cc: 137997@bugs.debian.org
Subject: is acroread really affected by DSA-122 ?
From: Martin Quinson <Martin.Quinson@tuxfamily.org>
Date: Tue, 21 May 2002 19:35:11 +0200
Message-id: <[🔎] 20020521173510.GE953@blaise.ens-lyon.fr>

Hello,

acroread was actually removed from Debian because of bug #137997. The
submitter says that acroread is statically linked against zlib, and thus 
"This might mean that Acrobat Reader is affected by DSA-122, too."

My question is to know how I can prove that it is affected, or if adobe was
nice enough to use a correct version of the zlib.

I did try to disassemble it (I live in France, so there is no legal issue
for me) using objdump, but i don't manage to read the output.

Here is what nm says:
Reader/intellinux/bin/acroread:083de46c T AS_flate_tr_tally
Reader/intellinux/bin/acroread:0863c960 D AS_flate_z_errmsg
Reader/intellinux/bin/acroread:083dec0c T AS_flate_z_memcmp
Reader/intellinux/bin/acroread:083dec00 T AS_flate_zlibVersion
Reader/intellinux/bin/acroread:0835a310 T ASallocstrcpy

Anyway, I'm not sure disassembling the code to get the value of zlibVersion,
as I first wanted, would be the right solution.

Maybe I should try to do a corrupted pdf file, to see if the problems with
zlib exist here or not.

Any idea ?

Thanks, Mt.


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: is acroread really affected by DSA-122 ?
  - From: Alan Shutko <ats@acm.org>

Prev by Date: auth.log
Next by Date: Re: auth.log
Previous by thread: Re: auth.log
Next by thread: Re: is acroread really affected by DSA-122 ?
Index(es):
- Date
- Thread