Forum Thread: VLC update

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
sunny1985 VLC update
Member 19th Feb, 2016 21:48
Ranking: 0
Posts: 8
User Since: 27th Aug, 2010
System Score: N/A
Location: US
There is another thread started on this, but I can't seem to reply. I just keep getting the message to log in. Secunia PSI says my VLC Media Player needs updating. The program says I have the latest update. I would have replied to the other thread if I could. This happened yesterday Feb. 18.

I have VLC version 2.2.1. Secunia PSI says I need version 2.2.2.


Maurice Joyce RE: VLC update
Handling Contributor 20th Feb, 2016 00:53
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
The advisory is here which states no update is available to patch the highly critical vulnerability in version 2.2.1

https://secunia.com/advisories/68728/

What information can you see that states updating to version 2.2.2 will clear this vulnerability? Does the scan result give you an update link?

Version 2.2.2 is available from the website here: http://www.videolan.org/vlc/ or you can get it from a scraper site like Filehippo

64 Bit - http://filehippo.com/download_vlc_64/

32 Bit - http://filehippo.com/download_vlc_32/


--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
sunny1985 RE: VLC update
Member 20th Feb, 2016 02:51
Score: 0
Posts: 8
User Since: 27th Aug 2010
System Score: N/A
Location: US
Thanks for the advisories link. I honestly did not see it. Had a lot of trouble getting logged in and then trying to reply to the other post. Not sure what the problem was. I thus failed to check out other links here.

The Secunia PSI said it was updating, gave no link. But the updating wasn't working. I tried the VLC Viewer About and Help, and it said I had the latest program. I guess I should have pursued it further.

I downloaded it from the site so the Secunia PSI would stop trying to update.

Things seem okay now.
Was this reply relevant?
+0
-0
Maurice Joyce RE: VLC update
Handling Contributor 20th Feb, 2016 10:05
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
What you describe is very strange and confusing behaviour by Flexera PSI. Their advisory states that no patch exists to clear the vulnerability yet you are suggesting PSI is trying to auto update VLC.

PSI does not/should not highlight or auto update any programme update issued by a vendor for bug fixes or cosmetic changes only.

If after a full scan PSI states VLC is up to date I would challenge their advisory and check the VLC release notes include details about the vulnerability.

VLC and Flexera have "fallen out" in the past about the security status of VLC with users left wondering whether they were secure or not.

Hope this helps.



--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0

Sorrati

RE: VLC update
[+]
This reply has been minimised due to a negative Relevancy Score.

This thread has been marked as locked.