Universal XSS

A version 7.09 has been released for Linux which fixes this vulnerability; see http://www.adobe.com/support/security/bulletins/apsb07-01.html

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 11 Jan 2007 18:31:08 -0500
Source: acroread
Binary: mozilla-acroread acroread acroread-escript acroread-plugins
Architecture: source
Version: 7.0.9-0.0.ubuntu1
Distribution: feisty
Urgency: low
Maintainer: Christian Marillat <email address hidden>
Changed-By: Daniel T Chen <email address hidden>
Description:
 acroread - Adobe Acrobat Reader: Portable Document Format file viewer
 acroread-escript - Adobe EScript Plug-In
 acroread-plugins - Plugins for Adobe Acrobat(R) Reader
 mozilla-acroread - Adobe Acrobat(R) Reader plugin for mozilla / konqueror
Changes:
 acroread (7.0.9-0.0.ubuntu1) feisty; urgency=low
 .
   [SECURITY]: Fix XSS vulnerabilities (Closes Ubuntu: #78339).
   * References:
     http://www.adobe.com/support/security/advisories/apsa07-01.html
     CVE-2007-0045
     CVE-2007-0046
   * New upstream release.
   * Merge with debian-multimedia, remaining Ubuntu changes:
     - debian/acroread.diff: Fix broken regexp,
     - debian/control:
       + Explicitly depend on libstdc++5,
       + Clarify descriptions of acroread and acroread-plugins.
 .
 acroread (7.0.9-0.0) stable; urgency=low
 .
   * New upstream release.
Files:
 4a18bf9c7ba965fef342d3c953b6ebfd 673 text optional acroread_7.0.9-0.0.ubuntu1.dsc
 8979a70c587a7ee82d0d2a6c72f29b0c 44173488 text optional acroread_7.0.9.orig.tar.gz
 80dab216a0e6ed819567ca024ea3a862 29002 text optional acroread_7.0.9-0.0.ubuntu1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFpsoLe9GwFciKvaMRApqYAJ9Kzoin0V2WJQpr2D+GLNvRf9VJ/wCeLDDl
h4966dbGbEWM79u8k0FZUoQ=
=lVMG
-----END PGP SIGNATURE-----

Is there any reason why the updated package seems unavailable in feisty archives?

Unfortunately, acroread has been removed from Ubuntu for feisty; its license does not allow redistribution. :(

Edgy security update has been published. Thanks crimsun!

With regards to Feisty, that stinks :(

Can someone at Canonical please try to get it into the future "feisty-commercial" repository?

However, much thanks for getting an Edgy version; I can confirm that it works quite nicely in Feisty :) All you need to do is add the following line to your sources.list file:

deb http://archive.ubuntu.com/ubuntu/ edgy-security multiverse

Curiously, although its version 7.0.9-0.0.ubuntu0.6.10 in Synaptic, running Acrobat Reader and going Help -> About gives "Version 7.0.8 5/22/2006"

I tested it on
http://singe.za.net/blog/archives/803-Adobe-XSS-Patching.html
and it seems to be fine though :-)

The Help/About thing gave me pause when I was testing it too. :) Looks like it's a goof on Adobe's part. It does appear to be the 7.0.9 version, though.

http://adhd.irule.net/~crimsun/breezy-security/

http://adhd.irule.net/~crimsun/dapper-security/

Hi crimsun. I'm working on these now. In the future, I can move more quickly if you also publish a debdiff (I have a script that does all the download/patch/build magic with a debdiff).

Thanks again!

Breezy and Dapper have been published now, they should show up in the archives shortly. :)

How is it that acroread is redistributable for breezy, dapper and edgy, but not feisty?

It may not be redistributable, and we can't touch frozen stable releases.

FYI to those subscribed to this bug, the Medibuntu repository now carries acroread for Feisty.