Packaging acrotex with TeX Live

Jim Diamond Jim.Diamond at
Mon Oct 12 18:45:14 CEST 2020

On Mon, Oct 12, 2020 at 17:36 (+0200), Henri Menke via tex-live wrote:

> On 12/10/20, 11:41, Jim Diamond via tex-live wrote:

>> That is not true.  I recently got Acrobat reader 9.5.5 running on
>> Slackware64-current (which is very up to date, unlike Slackware 14.2,
>> the most recent "released" version of Slackware).  To get it running
>> there I needed to install some 32-compatibility stuff (which, as I
>> understand it, many 64-bit Linux distributions install by default),
>> but that was about it.

> Even if you can run Adobe Reader 9.5.5, you definitely shouldn't.  It
> has tons of unfixed code execution vulnerabilities.


I think one of us is not interpreting that page correctly.  (I think
it was you.)  (Unless my eyes deceive me) All of those vulnerabilities
say "***before*** 9.5.5" (or 9.5.4 or 9.5.3).  And so it would seem to
me they don't apply to 9.5.5.

> It is also vulnerable to a whole class of information exfiltration
> attacks.


That might be so.  But for someone looking at documents which are not
signed (or have other security features), I'm don't see the relevance.

I realize this thread started with someone talking about PDF viewers
which support security features, but (at most) I think you could advise
"don't use PDF files for security applications", as opposed to "Don't
use Acroread 9.5.5".


More information about the tex-live mailing list.