Forum Thread: Git update does not register in PSI

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
Zazula Git update does not register in PSI
Member 20th Mar, 2016 09:32
Ranking: 0
Posts: 6
User Since: 14th Oct, 2009
System Score: N/A
Location: GR
Last edited on 20th Mar, 2016 09:32

I got a warning for my Git 2.x (64bit) according to https://secunia.com/advisories/69573 (SA69573); mine was 2.7.0 and had to be updated to 2.7.1.

Since the current Git version is 2.7.4, I upgraded to that (in fact I upgraded first to 2.7.3, had this issue I'm reporting, re-updated to 2.7.4, and had it still). Please keep in mind that Git Installer first uninstalls the previous version, and then installs the new one.

HOWEVER, PSI insists I still have Git 2.7.0... and from one instance of it, I've now moved to 4 (with 2.7.3) and then to 141 with 2.7.4 (YES, one-hundred-forty-one)!

The newly installed executables show "File Version: 2.7.0.0", and "Product Version: 2.7.4.windows.1". Please advise.

Maurice Joyce RE: Git update does not register in PSI
Handling Contributor 20th Mar, 2016 12:30
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
It looks like Flexera PSI is 100% correct and the developer of GIT needs to update the file signatures to the latest version released.

I downloaded the latest GIT version using this link: https://git-for-windows.github.io/

I then ran a full PSI scan which revealed this detail:

https://1ncuig-ch3302.files.1drv.com/y3pEC8uViE8iG...

I followed the trail to Windows Explorer to verify what file PSI was checking - it is correct and proves that the vendor is naming version 2.7.4 as 2.7.0 which is misleading.

https://1ncuig-ch3302.files.1drv.com/y3pB2V0lW5o0n...

If you want Flexera PSI to monitor your version of GIT you need to persuade the developer to update the file signature data. Flexera will not do it for you.

Hope this helps.



--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
Zazula RE: Git update does not register in PSI
Member 23rd Mar, 2016 04:20
Score: 0
Posts: 6
User Since: 14th Oct 2009
System Score: N/A
Location: GR
Yes, this is what I mentioned myself in the opening post, as well.
So, I gather you can't check the "Product Version" attribute in lieu of the "File Version" one, correct?
Was this reply relevant?
+0
-0
Maurice Joyce RE: Git update does not register in PSI
Handling Contributor 23rd Mar, 2016 10:17
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Correct - hence you need to persuade the developer to update the exe file signature (meta data) for PSI to report on it accurately.

This official explanation might help if you intend contacting the GIT developer. As previously advised the Flexera staff will not do this for you or alter their stance on how they report.


"The Flexera PSI takes a different approach compared to other scanners by conducting authenticated scans of systems. This makes it possible for the Flexera PSI to identify all installed programs and plug-ins based on the actual files present on the system.

The Flexera PSI correlates program meta data with Flexera's comprehensive product database to build an inventory of the installed programs and plug-ins. This inventory is then correlated with vulnerability meta data based on the Flexera Vulnerability Intelligence."


--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
Zazula RE: Git update does not register in PSI
Member 23rd Mar, 2016 10:23
Score: 0
Posts: 6
User Since: 14th Oct 2009
System Score: N/A
Location: GR
Thank you, Maurice Joyce.
Was this reply relevant?
+0
-0

This thread has been marked as locked.