Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: python 2.7.5 in OpenOffice flagged

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
rd52 python 2.7.5 in OpenOffice flagged
Member 27th Dec, 2013 21:44
Ranking: 10
Posts: 46
User Since: 4th Dec, 2008
System Score: N/A
Location: US
Today Secunia flagged Python 2.7.5 as being a security vulnerability, even though it is located in Apache's OpenOffice. I don't know how to update it as it's part of OpenOffice 4.0.1, which is the most current version available. I clicked the ignore updates for now, until someone can help me with my problem. Thanks!

Maurice Joyce RE: python 2.7.5 in OpenOffice flagged
Handling Contributor 27th Dec, 2013 22:14
Score: 11743
Posts: 9,000
User Since: 4th Jan 2009
System Score: N/A
Location: UK
It is almost certainly a false positive in that it is embedded in a secure programme.

Best you write to Secunia Support at: support@secunia.com and ask them to adjust their database.

Unsure when they return from holiday - you may have to wait awhile for a reply/action.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+4
-0
drbilm RE: python 2.7.5 in OpenOffice flagged
Member 28th Dec, 2013 19:48
Score: 0
Posts: 1
User Since: 28th Dec 2013
System Score: N/A
Location: US
Same here, created new subdirectory in Programfiles\Openoffice and installed 2.7.6, Secunia will not recognize the new version. Since I am not actually developing in Open Office, is there a need for the Python language?


--
Dell Optiplex 745, Win7 SP1
Was this reply relevant?
+0
-0
Maurice Joyce RE: python 2.7.5 in OpenOffice flagged
Handling Contributor 28th Dec, 2013 22:14
Score: 11743
Posts: 9,000
User Since: 4th Jan 2009
System Score: N/A
Location: UK
I suspect only the vendor can tell you why Python has been embedded into OpenOffice.

Until Secunia adjust their database (if it is a false positive) or you delete the offending file from within Open Office or OpenOffice release a new version with Python 2.7.6 embedded PSI will find & show the vulnerability.



--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
rd52 RE: python 2.7.5 in OpenOffice flagged
Member 28th Dec, 2013 22:37
Score: 10
Posts: 46
User Since: 4th Dec 2008
System Score: N/A
Location: US
I did as you suggested Maurice and emailed to the Secunia address that you wrote. I haven't had an answer back yet. When they respond I'll add the response to this thread.
Was this reply relevant?
+0
-0
rd52 RE: python 2.7.5 in OpenOffice flagged
Member 30th Dec, 2013 17:06
Score: 10
Posts: 46
User Since: 4th Dec 2008
System Score: N/A
Location: US
I got this today, and now Secunia doesn't flag python.

"Thank you for contacting Secunia Support.

We have updated our detection rules for OpenOffice and LibreOffice which now bundles Python.
If you perform a full scan with the Secunia PSI, Python should be removed from the scan results."
Was this reply relevant?
+1
-0
Muggle10 RE: python 2.7.5 in OpenOffice flagged
Member 30th Dec, 2013 17:21
Score: 0
Posts: 4
User Since: 31st Dec 2009
System Score: N/A
Location: US
I'm also getting Python 2.7.5 flagged as insecure. In my case, it's embedded in CyberLink PhotoDirector (version 5). I'll contact Secunia Support about it.

--
Wndows 8.1
HP Notebook, AMD A6 Processor x64
Was this reply relevant?
+0
-0
Maurice Joyce RE: python 2.7.5 in OpenOffice flagged
Handling Contributor 30th Dec, 2013 18:54
Score: 11743
Posts: 9,000
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 31st Dec, 2013 21:22
@Muggle10

Secunia Support will almost certainly adjust their database to facilitate your programme.

@rd52

Pleased to see you are all fixed up.

On that basis, I will lock this thread for you sometime tomorrow unless you post back asking for it to be left open.

This will protect your mail box from possible update emails from "tag on" posts

You can of course lock threads you have created. Just click the ACCEPT button in the post of the helper who offered you the best solution/advice to solve your problem.

Secunia Support can always reopen threads by applying by email to: support@secunia.com

Happy New Year.

EDIT

Thread locked at: 20:20 31/12/2013










--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability