Packaging acrotex with TeX Live
Jim Diamond
Jim.Diamond at acadiau.ca
Mon Oct 12 18:45:14 CEST 2020
On Mon, Oct 12, 2020 at 17:36 (+0200), Henri Menke via tex-live wrote:
> On 12/10/20, 11:41, Jim Diamond via tex-live wrote:
>> That is not true. I recently got Acrobat reader 9.5.5 running on
>> Slackware64-current (which is very up to date, unlike Slackware 14.2,
>> the most recent "released" version of Slackware). To get it running
>> there I needed to install some 32-compatibility stuff (which, as I
>> understand it, many 64-bit Linux distributions install by default),
>> but that was about it.
> Even if you can run Adobe Reader 9.5.5, you definitely shouldn't. It
> has tons of unfixed code execution vulnerabilities.
> https://www.cvedetails.com/vulnerability-list/vendor_id-53/product_id-497/version_id-124630/Adobe-Acrobat-Reader-9.5.html
I think one of us is not interpreting that page correctly. (I think
it was you.) (Unless my eyes deceive me) All of those vulnerabilities
say "***before*** 9.5.5" (or 9.5.4 or 9.5.3). And so it would seem to
me they don't apply to 9.5.5.
> It is also vulnerable to a whole class of information exfiltration
> attacks.
> https://www.pdf-insecurity.org/
That might be so. But for someone looking at documents which are not
signed (or have other security features), I'm don't see the relevance.
I realize this thread started with someone talking about PDF viewers
which support security features, but (at most) I think you could advise
"don't use PDF files for security applications", as opposed to "Don't
use Acroread 9.5.5".
Cheers.
Jim
More information about the tex-live
mailing list.