[prev in list] [next in list] [prev in thread] [next in thread]
List: debian-security
Subject: Re: DSA-3708-1 mat -- security update (What are MAT users to do)?
From: Stephen Dowdy <sdowdy () ucar ! edu>
Date: 2016-11-13 16:28:34
Message-ID: CA+CZZDY301-0w8vPRiBB=iZWuFtSKapcA75s+VesAAAbL5v4DA () mail ! gmail ! com
[Download RAW message or body]
> On Sun, Nov 13, 2016 at 5:47 AM, intrigeri <intrigeri@debian.org> wrote:
> Robert Haist:
> > For PDFs you can use exiftool from the libimage-exiftool-perl to remove
> > metadata:
> > exiftool -all= example.pdf
> > This works for me.
>
> Does this address the problem (metadata in embedded images) that
> triggered us from removing this functionality from MAT?
Assuming the documentation is correct, the manpage for exiftool states:
> 3) Changes to PDF files are reversible because the original
information is never actually deleted from the file. > So
ExifTool alone may not be used to securely edit metadata in PDF files.
that sounds like a "NO". :-(
--stephen
--
Stephen Dowdy - Systems Administrator - NCAR/RAL
303.497.2869 - sdowdy@ucar.edu - http://www.ral.ucar.edu/~sdowdy/
[Attachment #3 (text/html)]
<div dir="ltr"><div class="gmail_default" style="font-family:monospace,monospace">> On Sun, \
Nov 13, 2016 at 5:47 AM, intrigeri <<a \
href="mailto:intrigeri@debian.org">intrigeri@debian.org</a>> wrote:<br>> Robert \
Haist:<br>> > For PDFs you can use exiftool from the libimage-exiftool-perl to \
remove<br>> > metadata:<br>> > exiftool -all= example.pdf<br>> > \
This works for me.<br>> <br>> Does this address the problem (metadata in embedded images) \
that<br>> triggered us from removing this functionality from MAT?<br> <br>Assuming the \
documentation is correct, the manpage for exiftool states:<br><br>> 3) \
Changes to PDF files are reversible because the original information is never actually deleted \
from the file. > So ExifTool alone may not be used to securely \
edit metadata in PDF files.<br><br></div><div class="gmail_default" \
style="font-family:monospace,monospace">that sounds like a "NO". \
:-(<br><br></div><div class="gmail_default" \
style="font-family:monospace,monospace">--stephen<br></div><div class="gmail_extra"><br><br \
clear="all"><br>-- <br><div class="gmail_signature">Stephen Dowdy - Systems Administrator \
- NCAR/RAL<br>303.497.2869 - <a href="mailto:sdowdy@ucar.edu" \
target="_blank">sdowdy@ucar.edu</a> - <a href="http://www.ral.ucar.edu/%7Esdowdy/" \
target="_blank">http://www.ral.ucar.edu/~sdowdy/</a><br><br><br></div> </div></div>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic