SecTeer VulnDetect & PatchPro Support Forum VulnDetect
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Download VulnDetect Installer
    • Login

    [Solved] VLC 3.0.3 detected as safe

    Scheduled Pinned Locked Moved Solved Detection Issues
    19 Posts 4 Posters 5.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A Offline
      Anselm
      last edited by Anselm

      Maybe a copy paste error?

      https://portableapps.com/news/2018-09-01--vlc-media-player-portable-3.0.4-released (This version fixes a critical security issue in VLC.)
      https://portableapps.com/news/2018-05-31--vlc-media-player-portable-3.0.3-released ( This version fixes a critical security issue in VLC.)
      https://portableapps.com/news/2018-05-06--vlc-media-player-portable-3.0.2-released (This version fixes a critical security issue in VLC. )
      https://portableapps.com/news/2018-03-21--vlc-media-player-portable-3.0.1-released (This version fixes a critical security issue in VLC.)

      1 Reply Last reply Reply Quote 0
      • T Offline
        Tom VulnDetect Team Member
        last edited by

        Unless some more tangible report comes out, then we will keep flagging 3.0.2, 3.0.3 and 3.0.4 as "OK", with 3.0.4 being the recommended version.

        But thank you for reporting this, in this time and age you can't just rely on vendors to report all issues, so when you see reports elsewhere, then please post here or send me a chat message and we will investigate.

        /Tom
        Download the latest SecTeer VulnDetect agent here:
        https://vulndetect.com/dl/secteerSetup.exe

        A 1 Reply Last reply Reply Quote 0
        • A Offline
          Anselm @Tom
          last edited by

          FYI:
          Common Vulnerabilities and Exposures (CVE):

          https://www.cvedetails.com/version-list/5842/9978/1/Videolan-Vlc-Media-Player.html

          https://www.cvedetails.com/product/9978/Videolan-Vlc-Media-Player.html?vendor_id=5842

          https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=VLC

          1 Reply Last reply Reply Quote 0
          • T Offline
            Tom VulnDetect Team Member
            last edited by

            😄

            Thank you.

            Yeah, well, as we discussed that, it seems that a guy has found a vuln in 3.0.4.

            So it is time to flag all versions as being "Insecure" 😞

            Let's hope a new release of VLC comes out one of the next days.

            CVE Details is a great site for getting some high level information about the history of a product.

            However, CVE itself, has seen better days, unfortunately a lot of vulns are assigned CVEs rather late and a lot never receives a CVE.

            Just look at yesterdays Chrome release, where some of the vulns are "To be allocated [a CVE]". That seems odd for such a significant app as Chrome:
            https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html

            /Tom
            Download the latest SecTeer VulnDetect agent here:
            https://vulndetect.com/dl/secteerSetup.exe

            1 Reply Last reply Reply Quote 0
            • OLLI_SO Offline
              OLLI_S Community Moderator
              last edited by

              Tom, is the issue solved (after you flagged all versions as being "Insecure")?

              1 Reply Last reply Reply Quote 0
              • A Offline
                Anselm
                last edited by

                @Tom says, 3.0.2, 3.0.3, 3.0.4 are not insecure, but 3.0.4 is recommended . I only found an information, that 3.0.1 is insecure.

                T 1 Reply Last reply Reply Quote 0
                • T Offline
                  Tom VulnDetect Team Member @Anselm
                  last edited by

                  @Anselm See this:
                  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19857

                  /Tom
                  Download the latest SecTeer VulnDetect agent here:
                  https://vulndetect.com/dl/secteerSetup.exe

                  A 1 Reply Last reply Reply Quote 1
                  • A Offline
                    Anselm @Tom
                    last edited by

                    @Tom OK, i did not see it at cve.mitre.org using the search.

                    A 1 Reply Last reply Reply Quote 0
                    • A Offline
                      Anselm @Anselm
                      last edited by

                      @Anselm Correction: OK, i did not see it yesterday at cve.mitre.org using the search. But now i knew why:
                      Date Entry Created
                      20181205

                      T 1 Reply Last reply Reply Quote 0
                      • T Offline
                        Tom VulnDetect Team Member @Anselm
                        last edited by

                        @Anselm VLC 3.0.5 is out

                        /Tom
                        Download the latest SecTeer VulnDetect agent here:
                        https://vulndetect.com/dl/secteerSetup.exe

                        A G 2 Replies Last reply Reply Quote 0
                        • A Offline
                          Anselm @Tom
                          last edited by

                          @Tom Thank you, I updated it yesterday 😉

                          1 Reply Last reply Reply Quote 0
                          • G Offline
                            GregAlexandre @Tom
                            last edited by

                            @Tom
                            From changelog 3.0.4 to 3.0.5
                            "Update numerous 3rd party libraries, including for minor security issues"

                            This subject could be close.

                            Thanks a lot Tom.

                            1 Reply Last reply Reply Quote 0
                            • OLLI_SO Offline
                              OLLI_S Community Moderator
                              last edited by

                              @GregAlexandre OK, then I mark the topic as Solved

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Download SecTeer Personal VulnDetect - an alternative to the long lost Secunia PSI

                              Please see our Privacy and Data Processing Policy
                              Sponsored and operated by SecTeer | VulnDetect is a replacement for the EoL Secunia PSI
                              Forum software by NodeBB