Secunia
Login
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Thread: VLC Media Player 0.9.6
You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.This thread was submitted in the following forum:
Programs
|
Relating to this vendor: VideoLAN |
And, this specific program: VLC media player 0.x |
| Z4ppy | VLC Media Player 0.9.6 |
|---|---|
 |
7th Dec, 2008 16:43 |
|
Ranking: 1 Posts: 8 User Since: 30th Nov, 2008 System Score: N/A Location: CH Last edited on 7th Dec, 2008 16:44 |
Until yesterday, VLC Media Player 0.9.6 has been detected as insecure, caused by this vulnerability: http://secunia.com/advisories/32942/ This bug hasn't been fixed until now (only in 0.9.8a, but this version isn't available for Windows atm), but PSI detects it as secure. Why? Z4ppy PS: Sorry for my English, I'm German ;) I hope you understand what I tried to explain... |
| BigDave_39 | RE: VLC Media Player 0.9.6 | ||||||||
|
|
7th Dec, 2008 20:14 | ||||||||
| Score: 0 Posts: 177 User Since: 26th Nov 2008 System Score: N/A Location: Washington, DC, US Last edited on 7th Dec, 2008 20:14 |
on 7th Dec, 2008 16:43, Z4ppy wrote: Until yesterday, VLC Media Player 0.9.6 has been detected as insecure, caused by this vulnerability: http://secunia.com/advisories/32942/ This bug hasn't been fixed until now (only in 0.9.8a, but this version isn't available for Windows atm), but PSI detects it as secure. Why? I think you answered your own question. The psi will only notify you if there are security patches available. Since there's no patch from the vendor - then there is no patch the psi can refer you to. See also this thread: http://secunia.com/community/forum/thread/show/725... on 7th Dec, 2008 16:43, Z4ppy wrote: PS: Sorry for my English, I'm German ;) I hope you understand what I tried to explain... Your English is pretty good, so no problems there m8 ;-) -- Big Dave |
||||||||
|
|||||||||
| Z4ppy2 | RE: VLC Media Player 0.9.6 | ||||||||
|
|
7th Dec, 2008 22:13 | ||||||||
| Score: 0 Posts: 2 User Since: 7th Dec 2008 System Score: N/A Location: N/A |
on 7th Dec, 2008 20:14, BigDave_39 wrote: I think you answered your own question. The psi will only notify you if there are security patches available. Since there's no patch from the vendor - then there is no patch the psi can refer you to. See also this thread: http://secunia.com/community/forum/thread/show/725... Your English is pretty good, so no problems there m8 ;-) I thought, PSI lists all programs, that have vulnerabilities atm, as insecure and those, who are patched, as secure. So if a patch is available, it's listed as secure? That won't be logical... It's still insecure until applying the patch... The thread didn't help me very much... Thanks :) Z4ppy |
||||||||
|
|||||||||
| Timothy.Berry | RE: VLC Media Player 0.9.6 | ||||||||
|
|
8th Dec, 2008 11:41 | ||||||||
| Score: 0 Posts: 1 User Since: 24th Oct 2008 System Score: N/A Location: N/A |
on 7th Dec, 2008 22:13, Z4ppy2 wrote: I thought, PSI lists all programs, that have vulnerabilities atm, as insecure and those, who are patched, as secure. So if a patch is available, it's listed as secure? That won't be logical... It's still insecure until applying the patch... The thread didn't help me very much... Thanks :) Z4ppy Can someone from Secunia confirm that whether there is a patch or not, if there is a known vulnerability, then PSI lists it as such? |
||||||||
|
|||||||||
| CourageDK | RE: VLC Media Player 0.9.6 | ||||||||
|
|
9th Dec, 2008 23:32 | ||||||||
| Score: 0 Posts: 23 User Since: 9th Dec 2008 System Score: N/A Location: DK Last edited on 9th Dec, 2008 23:34 |
I have discovered problems with VLC too. Im not sure if it the same problem i repeat. But my PSI says VLC is unsecure, and when i click on the "make secure"-button, it downloads stuff, uninstall VLC and install a new one. no difference at all, i have tried that twice now... no difference... is VLC unsecure or is it a bug? (Sorry for my bad English ^^ I'm Danish) |
||||||||
|
|||||||||
| duallydave | RE: VLC Media Player 0.9.6 | ||||||||
|
|
10th Dec, 2008 01:02 | ||||||||
| Score: 0 Posts: 2 User Since: 10th Dec 2008 System Score: N/A Location: Seattle, US |
I had the same experience, I put it in an ignore rule. Hopefully I remember to revisit this later and get it resolved. I don't use VLC much though. If I had a cablecard for my HTPC I would use VLC more, but most of the good channels are encrypted. | ||||||||
|
|||||||||
| Z4ppy | RE: VLC Media Player 0.9.6 | ||||||||
|
|
11th Dec, 2008 17:31 | ||||||||
| Score: 1 Posts: 8 User Since: 30th Nov 2008 System Score: N/A Location: CH Last edited on 11th Dec, 2008 17:32 |
on 9th Dec, 2008 23:32, CourageDK wrote: I have discovered problems with VLC too. Im not sure if it the same problem i repeat. But my PSI says VLC is unsecure, and when i click on the "make secure"-button, it downloads stuff, uninstall VLC and install a new one. no difference at all, i have tried that twice now... no difference... is VLC unsecure or is it a bug? (Sorry for my bad English ^^ I'm Danish) VLC is insecure! Have a look at the link in the first post ;) PSI downloads the newest version, that is 0.9.6, but if you already installed 0.9.6, PSI still wants to download and reinstall it :D So PSI detects a newer version that is the one that is installed... Another bug with VLC :D The bug I reported is fixed... VLC is detected as insecure again ;) But the 0.9.8a for Windows has been released, so in a few moments, it's not insecure anymore :) Z4ppy |
||||||||
|
|||||||||
| CourageDK | RE: VLC Media Player 0.9.6 | ||||||||
|
|
11th Dec, 2008 19:25 | ||||||||
| Score: 0 Posts: 23 User Since: 9th Dec 2008 System Score: N/A Location: DK |
Fine, Thx ;D | ||||||||
|
|||||||||
| mrbellek | RE: VLC Media Player 0.9.6 | ||||||||
|
|
15th Dec, 2008 10:33 | ||||||||
| Score: 0 Posts: 4 User Since: 15th Dec 2008 System Score: N/A Location: N/A |
I just installed VLC 0.9.8a (file version info 0.9.8.1) on Windows XP SP2 here, and it is still detected by the PSI as 0.9.6, and as insecure. Can you please fix this? | ||||||||
|
|||||||||
| Z4ppy | RE: VLC Media Player 0.9.6 | ||||||||
|
|
15th Dec, 2008 17:15 | ||||||||
| Score: 1 Posts: 8 User Since: 30th Nov 2008 System Score: N/A Location: CH |
I installed 0.9.8a and it's detected as 0.9.8a... So the problem must be your computer (or you :P) Scan the file again or try to deinstall the installed version and reinstall 0.9.8a... Should work ;) Z4ppy |
||||||||
|
|||||||||
| BigDave_39 | RE: VLC Media Player 0.9.6 | ||||||||
|
|
15th Dec, 2008 21:01 | ||||||||
| Score: 0 Posts: 177 User Since: 26th Nov 2008 System Score: N/A Location: Washington, DC, US |
on 15th Dec, 2008 10:33, mrbellek wrote: I just installed VLC 0.9.8a (file version info 0.9.8.1) on Windows XP SP2 here, and it is still detected by the PSI as 0.9.6, and as insecure. Can you please fix this? Try checking the path to where the psi detected this insecure item, the psi is so thorough that it picks up all copies on your harddrive :-) -- Big Dave |
||||||||
|
|||||||||
| mrbellek | RE: VLC Media Player 0.9.6 | ||||||||
|
|
15th Dec, 2008 23:59 | ||||||||
| Score: 0 Posts: 4 User Since: 15th Dec 2008 System Score: N/A Location: N/A |
There is only one copy of vlc.exe on my HD and it's detected wrong. Nevermind, I'll just add an ignore rule. | ||||||||
|
|||||||||
