Forum Thread: Secunia PSI misses to detect vulnerable git version

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
beinhart Secunia PSI misses to detect vulnerable git version
Member 30th Nov, 2017 09:16
Ranking: 0
Posts: 1
User Since: 30th Nov, 2017
System Score: N/A
Location: DE
Last edited on 30th Nov, 2017 09:17

On two PCs I have MS Visual Studio 2017 with git support installed. PSI warns me that the files
C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\Common7\IDE\CommonExtensi ons\Microsoft\TeamFoundation\Team Explorer\Git\cmd\git.exe
C:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\Common7\IDE\CommonExtensi ons\Microsoft\TeamFoundation\Team Explorer\Git\mingw32\bin\git.exe
have the vulnerable Version 2.12.2.

On a third PC the same MS Visual Studio 2017 with git support ist installed, but also git (standalone) and smartgit. On this PC Secunia PSI says that git is up-to-date. In the details it says that there are
3 git.exe with version 2.14.2 in C:\Program Files (x86)\git
2 git.exe with version 2.12.2 in C:\Program Files (x86)\Microsoft Visual Studio\... and
4 git.exe with version 2.14.1 in C:\Program Files (x86)\SmartGit.

It looks as if Secunia thinks that if at least one file is up-to-date then all files are up-to-date. It should be the other way round - if one file is too old, then the whole program is too old.

Regards,
Werner

No one has replied to this thread yet - be the first
This thread has been marked as locked.