Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: VLC 1.1.9 Does Not Fix SA41810 - VLC Team Needs Help

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
VideoLAN
And, this specific program:
VLC media player 1.x

This thread has been marked as locked.
whbecker3500 VLC 1.1.9 Does Not Fix SA41810 - VLC Team Needs Help
Member 17th Apr, 2011 00:34
Ranking: 3
Posts: 3
User Since: 8th May, 2010
System Score: N/A
Location: N/A
The VLC developers are aware of SA41810 and it is not fixed in VLC 1.1.9. Please see this thread in the VLC forums:

http://forum.videolan.org/viewtopic.php?f=14&t=877...

As you can see from that thread, the VLC team is looking for someone to maintain the Mozilla and ActiveX plugins. If that is your idea of a fun time, please contact them!

klausus02 RE: VLC 1.1.9 Does Not Fix SA41810 - VLC Team Needs Help
Member 17th Apr, 2011 18:23
Score: 7
Posts: 51
User Since: 4th Feb 2011
System Score: N/A
Location: DE
Last edited on 19th Apr, 2011 17:39
@whbecker3500

on 17th Apr, 2011 00:34, whbecker3500 wrote:
.... it is not fixed in VLC 1.1.9. ...



this is actualy not writen in this thread. Anyway, unfortunaltely videolan developers have explicity not made any comments about fixing SA4180 in VLC 1.1.9...





Was this reply relevant?
+0
-0
klausus02 RE: VLC 1.1.9 Does Not Fix SA41810 - VLC Team Needs Help
Member 19th Apr, 2011 17:40
Score: 7
Posts: 51
User Since: 4th Feb 2011
System Score: N/A
Location: DE
Last edited on 19th Apr, 2011 17:45
.. according heise-online vlc 1.1.9 now is secure again..

... follow this links:
http://www.heise.de/newsticker/meldung/VLC-ist-wie...

http://www.videolan.org/vlc/releases/1.1.9.html

Was this reply relevant?
+0
-0
whbecker3500 RE: VLC 1.1.9 Does Not Fix SA41810 - VLC Team Needs Help
Member 22nd Apr, 2011 06:29
Score: 3
Posts: 3
User Since: 8th May 2010
System Score: N/A
Location: N/A
Last edited on 22nd Apr, 2011 06:32
[quote=p36806].. according heise-online vlc 1.1.9 now is secure again..

... follow this links:
http://www.heise.de/newsticker/meldung/VLC-ist-wie...

http://www.videolan.org/vlc/releases/1.1.9.html[/q...


Those links show that the vulnerabilities given in SA44022 and SA44054 have been fixed in VLC 1.1.9. Indeed, Securia PSI shows that VLC 1.1.9 is secure.

However, the vulnerability in SA41810 refers to the Mozilla and ActiveX plugins. I don't see that VLC claims that these have been fixed. And the link above:

http://forum.videolan.org/viewtopic.php?f=14&t=877...

implies that it is not fixed.
Was this reply relevant?
+3
-0
Anthony Wells RE: VLC 1.1.9 Does Not Fix SA41810 - VLC Team Needs Help
Expert Contributor 22nd Apr, 2011 14:40
Score: 2384
Posts: 3,280
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

I certainly take the "unresolved" as stated by Rémi Denis-Courmont in the linked VidoeLAN Forum as meaning "not fixed/patched" , at least as far as Secunia are concerned regarding SA41810 . That is certainly the clearest statement as yet made from a "reliable" source on the VLC Player side of things .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability