[Solved] VLC 3.0.3 detected as safe
-
Unless some more tangible report comes out, then we will keep flagging 3.0.2, 3.0.3 and 3.0.4 as "OK", with 3.0.4 being the recommended version.
But thank you for reporting this, in this time and age you can't just rely on vendors to report all issues, so when you see reports elsewhere, then please post here or send me a chat message and we will investigate.
-
-
Thank you.
Yeah, well, as we discussed that, it seems that a guy has found a vuln in 3.0.4.
So it is time to flag all versions as being "Insecure"
Let's hope a new release of VLC comes out one of the next days.
CVE Details is a great site for getting some high level information about the history of a product.
However, CVE itself, has seen better days, unfortunately a lot of vulns are assigned CVEs rather late and a lot never receives a CVE.
Just look at yesterdays Chrome release, where some of the vulns are "To be allocated [a CVE]". That seems odd for such a significant app as Chrome:
https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html -
Tom, is the issue solved (after you flagged all versions as being "Insecure")?
-
@Tom says, 3.0.2, 3.0.3, 3.0.4 are not insecure, but 3.0.4 is recommended . I only found an information, that 3.0.1 is insecure.
-
-
@Tom OK, i did not see it at cve.mitre.org using the search.
-
@Anselm Correction: OK, i did not see it yesterday at cve.mitre.org using the search. But now i knew why:
Date Entry Created
20181205 -
@Anselm VLC 3.0.5 is out
-
@Tom Thank you, I updated it yesterday
-
@Tom
From changelog 3.0.4 to 3.0.5
"Update numerous 3rd party libraries, including for minor security issues"This subject could be close.
Thanks a lot Tom.
-
@GregAlexandre OK, then I mark the topic as Solved
