Package: cups-pdf
Version: 2.6.1-5
Severity: serious
Dear Maintainer,
The PDF files produced from cups-pdf always contains Author,
which is bad for security if the user wants to generate
sensitive PDF files.
The Author field is in the format of "(username)".
I confirmed this from LibreOffice writer, and Opera (browser),
and Chrome (browser). When I tested LibreOffice, I specifically
switched off the inclusion of the user info in the document.
The PDF file produced by cups-pdf contains the "(username)" string
in two places. One is as a regular PDF metadata, which you can
remove using a tool like pdftk. But, I don't know how to delete
the other one, which takes the form of
<rdf:Description rdf:about='864de34d-855f-11ec-0000-eb4edbf2574'
xmlns:dc='http://purl.org/dc/elements/1.1/'
dc:format='application/pdf'><dc:title><rdf:Alt><rdf:li
xml:lang='x-default'>(Print -
Google)</rdf:li></rdf:Alt></dc:title><dc:creator><rdf:Seq><rdf:li>(furue)</rdf:li></rdf:Seq></dc:creator></rdf:Description>
In the above, "(furue)" is the string in question.
Regards,
Ryo
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.1.0-1-686-pae (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages cups-pdf depends on:
ii cups 1.5.0-13
ii cups-client 1.5.0-13
ii ghostscript 9.04~dfsg-3
ii libc6 2.13-24
ii libpaper-utils 1.1.24+nmu1
cups-pdf recommends no packages.
Versions of packages cups-pdf suggests:
pn system-config-printer-gnome | system-config-printer-kde |
system-co <none>
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
