• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Download VulnDetect Installer
  • Login
SecTeer VulnDetect & PatchPro Support Forum VulnDetect
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Download VulnDetect Installer
  • Login

[Solved] GIMP - 2.10.4 - Possible False Positive

Scheduled Pinned Locked Moved Solved Detection Issues
7 Posts 3 Posters 2.4k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • Z Offline
    Zian
    last edited by OLLI_S 12 May 2018, 19:56 15 Aug 2018, 05:53

    https://www.gimp.org/downloads/ says that the current stable release is "2.10.4" but CARMA shows the application as "Unsafe" while indicating that the installed version is "2.10.4".

    1 Reply Last reply Reply Quote 0
    • T Offline
      Tom VulnDetect Team Member
      last edited by 15 Aug 2018, 07:02

      Hi Zian,
      Thanks for reporting this.
      This is a known issue, if you read this post:
      https://vulndetect.org/post/1310

      However, GIMP seems to be vulnerable to this old vuln:
CVE-2017-17789 in file-psp.exe
There is no immediate announcements or entries in the changelog about this being fixed.

      As soon as we get some pointer to a changelog or other statement about this being fixed in a specific version, then we will update the rules to reflect this.

      /Tom
      Download the latest SecTeer VulnDetect agent here:
      https://vulndetect.com/dl/secteerSetup.exe

      1 Reply Last reply Reply Quote 1
      • O Offline
        OLLI_S Community Moderator
        last edited by OLLI_S 15 Aug 2018, 10:17

        @Zian There are two suggestions in this forum related to such issues:

        • Show Reason for Unsafe Status
        • New Status "Outdated" (for non-security updates)

        Feel free to comment and vote on those suggestions.

        1 Reply Last reply Reply Quote 0
        • T Offline
          Tom VulnDetect Team Member
          last edited by 4 Dec 2018, 12:12

          We found evidence that this is indeed fixed, state has been updated to reflect this

          /Tom
          Download the latest SecTeer VulnDetect agent here:
          https://vulndetect.com/dl/secteerSetup.exe

          1 Reply Last reply Reply Quote 0
          • O Offline
            OLLI_S Community Moderator
            last edited by 4 Dec 2018, 20:19

            So is this issue fixed now?

            T 1 Reply Last reply 5 Dec 2018, 13:15 Reply Quote 0
            • T Offline
              Tom VulnDetect Team Member @OLLI_S
              last edited by 5 Dec 2018, 13:15

              @OLLI_S
              Yes

              /Tom
              Download the latest SecTeer VulnDetect agent here:
              https://vulndetect.com/dl/secteerSetup.exe

              1 Reply Last reply Reply Quote 0
              • O Offline
                OLLI_S Community Moderator
                last edited by 5 Dec 2018, 19:56

                Then I mark it as solved.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Download SecTeer Personal VulnDetect - an alternative to the long lost Secunia PSI

                Please see our Privacy and Data Processing Policy
                Sponsored and operated by SecTeer | VulnDetect is a replacement for the EoL Secunia PSI
                Forum software by NodeBB