Are any Tracker Software products susceptible to the PDFex vulnerabilities?
https://pdf-insecurity.org/encryption/encryption.html
https://www.forbes.com/sites/zakdoffman ... -apps-now/
PDFex Vulnerability
Moderators: TrackerSupp-Daniel, Tracker Support, Paul - Tracker Supp, Vasyl-Tracker Dev Team, Chris - Tracker Supp, Sean - Tracker, Ivan - Tracker Software, Tracker Supp-Stefan
- Will - Tracker Supp
- Site Admin
- Posts: 6815
- Joined: Mon Oct 15, 2012 9:21 pm
- Location: London, UK
- Contact:
Re: PDFex Vulnerability
Hi Unregistered,
Thanks for the post - This was a vulnerability but was fixed as of build 332. The latest release is build 333:
https://www.pdf-xchange.com/downloads
Cheers,
Thanks for the post - This was a vulnerability but was fixed as of build 332. The latest release is build 333:
https://www.pdf-xchange.com/downloads
Cheers,
If posting files to this forum, you must archive the files to a ZIP, RAR or 7z file or they will not be uploaded.
Thank you.
Best regards
Will Travaglini
Tracker Support (Europe)
Tracker Software Products Ltd.
http://www.tracker-software.com
Thank you.
Best regards
Will Travaglini
Tracker Support (Europe)
Tracker Software Products Ltd.
http://www.tracker-software.com
-
- User
- Posts: 17
- Joined: Wed Jan 12, 2011 6:39 pm
Re: PDFex Vulnerability
I'd appreciate if this sort of thing would be mentioned in the release notes in the future. I've been using PDF Tools build 330 and skipped later updates because none of them seemed applicable or important to me. This important security fix is not mentioned.
https://www.pdf-xchange.com/produc ... #8.0.333.0
Thanks.
https://www.pdf-xchange.com/produc ... #8.0.333.0
Thanks.
- Ivan - Tracker Software
- Site Admin
- Posts: 3550
- Joined: Thu Jul 08, 2004 10:36 pm
- Location: Vancouver Island - Canada
- Contact:
Re: PDFex Vulnerability
PDF Tools were not affected. In build history for the Editor, we mentioned this fix, but we were not allowed to provide more details about the vulnerability at that moment.
Tracker Software (Project Director)
When attaching files to any message - please ensure they are archived and posted as a .ZIP, .RAR or .7z format - or they will not be posted - thanks.
When attaching files to any message - please ensure they are archived and posted as a .ZIP, .RAR or .7z format - or they will not be posted - thanks.
-
- User
- Posts: 17
- Joined: Wed Jan 12, 2011 6:39 pm
Re: PDFex Vulnerability
But PDF Tools installs the viewer/editor by default, doesn't it? So a user would have to go out of his or her way to look at release notes for products they're not directly installing to know about this.
No details were necessary, just mention of a fix for a security vulnerability would suffice.
No details were necessary, just mention of a fix for a security vulnerability would suffice.
- Tracker Supp-Stefan
- Site Admin
- Posts: 17932
- Joined: Mon Jan 12, 2009 8:07 am
- Location: London
- Contact:
Re: PDFex Vulnerability
Hello Unregistered,
The fix was effectively in the Editor, and did apply to the version of the Editor that comes with Tools, so yes the fix was included in Tools as well, but as it was not explicitly applied to Tools - we missed adding it in the version history.
I will see if we can make sure that in future similar cases we mention security related fixes in the version history pages of all our products!
Regards,
Stefan
The fix was effectively in the Editor, and did apply to the version of the Editor that comes with Tools, so yes the fix was included in Tools as well, but as it was not explicitly applied to Tools - we missed adding it in the version history.
I will see if we can make sure that in future similar cases we mention security related fixes in the version history pages of all our products!
Regards,
Stefan