[pdftex] [tex-live] PDF 1.5 by default in TL 2010

James Quirk jjq at galcit.caltech.edu
Wed Jan 13 17:27:12 CET 2010


On Wed, 13 Jan 2010, Philip TAYLOR wrote:

> 
> 
> James Quirk wrote:
> 
> > Don't forget there's always the security angle to consider,
> > as older versions of AR/AA have buffer flow problems that can be
> > exploited by malicious PDFs. Therefore if you're going to stick
> > with AR5/6/7/8, be aware of the risks involved.
> 
> which is not to suggest that V9 of AA/AR is any
> more secure : see http://blogs.adobe.com/asset/2009/12/
> for pertinent details.
Indeed, as soon as one vulnerability is plugged another is exposed. 
However Adobe are inching forward with extra layers of security, such as 
black-listing of individual JavaScript functions, see 
http://kb2.adobe.com/cps/504/cpsid_50431.html, and so for most users it 
does make sense to swim with the security-flow. Although as Dumas 
once observed -- all generalistions are dangerous, including this one.
Hence it is easy to pick holes in such statements.

James

> 
> * Phil.
> 
> 


More information about the pdftex mailing list