[Solved] VLC 3.0.11 not detected as unsecure without available patch
-
Hi,
At this time (2021-01-16) VLC 3.0.11 is known to be unsecure without available patch: https://nvd.nist.gov/vuln/detail/CVE-2020-26664 .
Vulndetect does not display it as unsecure and does not states that there is no available patch.Hope this helps.
Regards.
-
@GregAlexandre Thank you.
It appears that they do have a fix in the pipeline:
https://code.videolan.org/videolan/vlc-3.0/-/commit/ec1f55ee9ace5cc675395a1bc9700d99679e7e8cFor some reason they haven't released 3.0.12 yet.
We have flagged 3.0.11 as Insecure and will closely monitor the release of 3.0.12.
-
Earlier today the installer for 3.0.12 was released, and short time ago the security page was updated. However, the actual VideoLAN advisory, is still 404.
Anyway, the rule is updated and a package is available, and the first users and customers has applied the updated version.
Again, thank you for reporting this.
-
@VulnDetect & @Tom & @OLLI_S : Fixed
Can be moved to "solved issue".
Thanks. -
OK, then I mark this issue as solved.
