Forum Thread: GTK+ 2.x

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
MikePerry GTK+ 2.x
Member 6th Sep, 2011 13:05
Ranking: -3
Posts: 21
User Since: 24th Feb, 2011
System Score: N/A
Location: UK
I've had a scan result showing the GTK+ version 2.16.0 is a security risk and is superceded by version 2.24.0. However, the only presence of GTK on my PC is associated with The Gimp, which is the very latest version available from them. It uses GTK+ 2.16.0 and does not work with any later version of GTK+. Only when The Gimp is rebuilt using a later library can it be installed and not reported by PSI.
We users cannot do that rebuild, unless we have ALL of the source coded needed. So Secunia should be communicating with the developers so they can update their build and not giving 'end users' what are, in effect, false positives and causing unnecessary worry or concern.
The only 'work around' currently availabe is to ignore the library associated withnthe application - but that is not totally safe.
So, Secunia, what are you going to do to prevent this error?

stax142 RE: GTK+ 2.x
Member 9th Sep, 2011 13:44
Score: 0
Posts: 3
User Since: 14th Feb 2011
System Score: N/A
Location: N/A
Yes, I'm having the same problem but with Easus Partition Manager. As it's freeware and I don't use it very often I've removed it to maintain a 100% Secunia score but Secunia should, I think, sort it out with the vendor.
Was this reply relevant?
+0
-0
This user no longer exists RE: GTK+ 2.x
Member 9th Sep, 2011 13:48
Last edited on 9th Sep, 2011 13:49 Hi,

When you notice this issue, can you post the debug report on the forum? We can the correct the detection, and check the app for Insecure Library Loading vulnerabilities.

Hope this helps.
Was this reply relevant?
+0
-0
MikePerry RE: GTK+ 2.x
Member 9th Sep, 2011 17:13
Score: -3
Posts: 21
User Since: 24th Feb 2011
System Score: N/A
Location: UK
Fine as far as it goes! But where do we get the debug report from and where in the forum do we post it?

It would seem that there are other applications built using GTK+ that are being falsely detected as in error, so I feel Secunia should check themselves and update the way PSI detects it.

Was this reply relevant?
+0
-0
throkr. RE: GTK+ 2.x
Contributor 9th Sep, 2011 20:59
Score: 139
Posts: 137
User Since: 22nd Nov 2009
System Score: N/A
Location: BE
Last edited on 9th Sep, 2011 21:03
Hi MikePerry,

You can post the "Troubleshoot Report" on the forum and here's the way to get it (see point 18) :

http://secunia.com/vulnerability_scanning/personal...


--
Win 10 Pro x64

Malwarebytes Premium - Windows Defender - SAS Pro - Flexera PSI
Cyberfox (x64) - Waterfox (x64) - SRWare Iron (x64)

- All current versions & updates -
Was this reply relevant?
+2
-0

This thread has been marked as locked.