navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: 1.98.8 not reported as vulnerable, why?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
XnSoft
And, this specific program:
XnView 1.x

This thread has been marked as locked.
aaaaaaaaaaaaaaaaa 1.98.8 not reported as vulnerable, why?
Member 15th Mar, 2012 00:12
Ranking: -5
Posts: 41
User Since: 15th Dec, 2008
System Score: 98%
Location: N/A
Actually, why does PSI not report XnView 1.98.8 as vulnerable version?
SA47600 is still open.
SA18235 as well.

ddmarshall RE: 1.98.8 not reported as vulnerable, why?
Dedicated Contributor 15th Mar, 2012 16:23
Score: 1212
Posts: 968
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Secunia may not be aware that 1.98.8 was released on 2012-03-09.
You can use the program suggestion feature or email support to notify them.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+1
-0
mogs RE: 1.98.8 not reported as vulnerable, why?
Expert Contributor 15th Mar, 2012 17:50
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Is the following of any help ? :-
http://www.esecurityplanet.com/patches/xnview-gets...
XnView Gets Security Update

Version 1.98.8 of the image viewer patches three highly critical security flaws.

March 14, 2012 Share
Version 1.98.8 of the XnView image viewer and converter was recently released.

"According to an advisory from security service provider Secunia, the update addresses three 'highly critical' vulnerabilities that could be exploited by an attacker to execute arbitrary code and compromise a victim's system," The H Security reports.

"Upgrading to 1.98.8 -- available to download for 32-bit versions of Windows -- corrects the problems," the article states.

Go to "Critical vulnerabilities in XnView fixed" to read the details.

--
Was this reply relevant?
+1
-0
aaaaaaaaaaaaaaaaa RE: 1.98.8 not reported as vulnerable, why?
Member 15th Mar, 2012 22:57
Score: -5
Posts: 41
User Since: 15th Dec 2008
System Score: 98%
Location: N/A
on 15th Mar, 2012 16:23, ddmarshall wrote:
Secunia may not be aware that 1.98.8 was released on 2012-03-09.
You can use the program suggestion feature or email support to notify them.

Well, perhaps I will notify them. Thanks for your hint.
Anyhow, Secunia is aware of this release because PSI let update 1.98.5 to 1.98.8
due to vulnerabilities as in SA47388 .
Was this reply relevant?
+0
-0
aaaaaaaaaaaaaaaaa RE: 1.98.8 not reported as vulnerable, why?
Member 15th Mar, 2012 22:59
Score: -5
Posts: 41
User Since: 15th Dec 2008
System Score: 98%
Location: N/A
on 15th Mar, 2012 17:50, mogs wrote:
Is the following of any help ? :-
http://www.esecurityplanet.com/patches/xnview-gets...
XnView Gets Security Update


Hmm, I am not talking about SA47388 which article from your mail is referring to.
It is the question of security reports as shown in the thread's initial message.
Was this reply relevant?
+0
-0
Anthony Wells RE: 1.98.8 not reported as vulnerable, why?
Expert Contributor 15th Mar, 2012 23:14
Score: 2454
Posts: 3,345
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

It's the way Secunia PSI does things . The alltime vunereability report (scroll cown) shows you the unpatched vulnerabilities :-

http://secunia.com/advisories/product/6705/?task=a...

The PSI will display the most patched version as "up to date and secure" in the Scan Results Table/Page/Module as there are no more ptches available and you have done all you can to update ; in this case 1.98.8 is the latest "fully patched" version available but does have unpatched vulnerabilities . Secunia have been asked in the past to add a display of "unpatched vulerabilities , apart from the "Secure Browsing" module , they have categorically refused to do as requested .

Hope that clears up your interpretation of the display .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+