18:57 trevor 

Move acroread5 to acroread, as requested by tg and vs.

PR:             75371
Approved by:    portmgr (marcus)

20:35 trevor 

security update to 5.0.10

advisory:
<URL:http://www.idefense.com/application/poi/display?id=161&type=vulnerabilities>
<URL:http://www.adobe.com/support/techdocs/331153.html>
and CAN-2004-1152

Submitted by:   hrs

02:41 clive 

* Update to 5.09.
* Unmark FORBIDDEN. According to idefense, vulnerability got fixed by
  vendor silently in this version.

PR:             ports/68294
Submitted by:   Linh Pham <question+freebsdpr at closedsrc dot org>
Approved by:    MAINTAINER time out

16:12 trevor 

Add size data.

16:01 trevor 

Update to 5.0.8.  As reported by Paul Szabo in
<200307092234.h69MYHM43920@milan.maths.usyd.edu.au> on the
full-disclosure and bugtraq lists,

        Despite recent security fixes, an exploitable buffer overflow
        with long URL strings remains [in version 5.0.7]. The
        overflow occurs when you click on the link, and allows
        execution of arbitrary code.

Version 5.0.8 is a second attempt at correcting the problem.

Submitted by:  Shiozaki Takehiko of be.to

Also remove some cruft, and add another master site.  I only tested
this with linux_base-8-8.0_1.

02:28 nork 

Update to 5.07.

Acrobat Reader before 5.0.7 has a vulnerability that may
allow remote attackers to execute arbitrary commands on a
target system.

  Adobe Systems Incorporated Information for VU#200132
    http://www.kb.cert.org/vuls/id/IAFY-5MCQ4L
  CERT/CC Vulnerability Note VU#200132
    http://www.kb.cert.org/vuls/id/200132

PR:             ports/53479
Submitted by:   rushani
Approved by:    maintainer timeout (1 week)

22:33 trevor 

Update to 5.0.6.

The README says:

        A security patch was applied that solves the problem reported
        in http://online.securityfocus.com/archive/1/278984 where
        opening the font cache when the application starts up can
        unintentionally cause the permissions of other files to
        change.

I failed to reproduce the bug in version 5.0.5 and I have not tried
to reproduce it with this version.  The discoverer, Paul Szabo,
said that linked files could have not just their permissions changed,
but could be overwritten.  caveat lector.

PR:             40987
Submitted by:   Oliver Braun

Add a DIST_SUBDIR because neither the name of the distfile nor the
list of its contents ("tar tzvf" output) mention the name of the
program.

00:36 dwcjr 

Update acroread5 to acroread5

PR:             38449
Submitted by:   maintainer