Forum Thread: Update suggestion is made too complicated by the GTK+ developers

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
And, this specific program:
GTK+ 2.x

This thread has been marked as locked.
lexein Update suggestion is made too complicated by the GTK+ developers
Member 11th Jul, 2009 17:48
Ranking: 0
Posts: 8
User Since: 8th Jul, 2009
System Score: N/A
Location: N/A
Last edited on 19th Dec, 2009 19:13

In Advanced mode, Secunia PSI found several instances of GTK+ 2.x used by several applications, including GIMPShop.

The alert about GTK+ 2.x showed this link:
ftp://ftp.gtk.org/pub/gtk/v2.8/
Which leads to an exhaustive list of apparently every GTK+ component and version ever released, but no simple "v2.8" install!

This directory is closer
ftp://ftp.gtk.org/pub/gtk/v2.8/win32/
to the truth...

I've submitted a comment to the GTK+ forum and the GIMPShop forum requesting clarification if it's safe to update the GTK+ v2.x components used by an arbitrary application. I have not heard back. Both forums are moribund, and the GIMPshop forum is filled with spam on a daily basis.

Seems hopeless.

Update 12/19/2009
1. GimpShop appears to be a hack, and abandoned by its developer. Sigh.
2. As of December(?) Secunia has fixed the GTK+ update link, to point to the GTK+ release DLL ZIP file. So getting the updated DLLs is easy.
3. It's a manual update - copy the DLLs to every directory where used, except for apps using very old versions of GTK+. See post below.

spudz RE: Update suggestion is made too complicated by the GTK+ developers
Member 19th Dec, 2009 16:21
Score: 0
Posts: 6
User Since: 12th Dec 2009
System Score: N/A
Location: N/A
I simply copied/replaced the contents of the install directory (C:\Program Files\Common Files\GTK\2.0) with the files in the download zip. This worked for me and now shows patched :D
Was this reply relevant?
+0
-0
lexein RE: Update suggestion is made too complicated by the GTK+ developers
Member 19th Dec, 2009 18:52
Score: 0
Posts: 8
User Since: 8th Jul 2009
System Score: N/A
Location: N/A
Last edited on 19th Dec, 2009 19:02
Most win32 GTK+ apps install a local copy of the GTK+ dll set of the version used at their individual build time. My Win32 GTK+ apps seemed NOT to find the GTK+ DLLs when anywhere but local or in /windows/system32/ .

There are some binary incompatibilities between versions of GTK+ 2.x.x. Apps using older versions (<= 2.14.x?) can't necessarily be updated to the latest GTK+, until the app itself is updated by the developers.

Secunia found 5 different versions of libgdk-win32-2.0-0.dll in 6 unique locations in my system.

I did full app updates where possible, and none of them updated to the 2.18.x requested by Secunia CSI. After updating, only 3 were updateable to 2.18.x: the gtk.org website states 2.18.x "maintains binary compatibility with 2.16.x", so only these 3 apps were "safe" to update:
Gimp 2.0 2.16.x -> safe to update to 2.18.5
NMap/Zenmap 2.16.x -> safe to update to 2.18.5
Wireshark 2.16.x -> safe to update to 2.18.5

These three did not seem "safe":
K3D - 2.14.7
Gimpshop 2.6.9.0
Inkscape 2.14.7

GTK+Win(installer) 2.16 <--! Still not updated, see below. Not even sure who uses it.

I put "safe" in quotes, because the directory you mentioned,
/program files/common files/gtk/ as filled in by "GTK+ for Windows" is at 2.16.x in the current stable release, not 2.18.x BECAUSE
per http://gtk-win.sourceforge.net/home/index.php/en/H...
2009-12-01
...
You'll notice that it is still based on gtk+-2.16.6. This is
due a fact that, unfortunately, gtk+-2.18.x has some problems
under Windows (see bug #598299,
https://bugzilla.gnome.org/show_bug.cgi?id=598299
some other bugs too).
I will release a new version as
soon as these problems are resolved by GTK+ developers.


But I don't use alt skins, so I think(hope) this isn't a problem for me.


Was this reply relevant?
+0
-0
Stardance RE: Update suggestion is made too complicated by the GTK+ developers
Member 20th Dec, 2009 01:40
Score: 0
Posts: 4
User Since: 25th Mar 2009
System Score: N/A
Location: N/A
Secunia PSI reported the program GTK+ as "unpatched" and identified the insecure file as:

C:\Program Files\Wireshark\libgtk-win32-2.0-0.dll

This .DLL in the Wireshark root directory is also reported to be version 2.16.5 by its Windows XP NTFS Properties, and by Secunia PSI. This .DLL is also contained in gtk+_2.18.5-1_win32.zip, which is downloaded via Secunia PSI from ftp gnome. The one in the .ZIP file is version 2.18.5

However, when the above .DLL is extracted from the .ZIP file to the Wireshark root directory, the manifest in the .ZIP file causes the .DLL to be stored instead in the subdirectory Wireshark\bin.

So, Secunia PSI continued to report that GTK+ remained "unpatched" because the insecure version 2.16.5 of libgtk-win32-2.0-0.dll was not replaced. After I copied the one that was extracted into the Wireshark\bin subdirectory to the Wireshark root directory, replacing the existing .DLL, Secunia PSI reported the program GTK+ as "patched".

Also, I copied the following .DLLs from the \bin subdirectory to the Wireshark root:

libgdk_pixbuf-2.0-0.dll
libgdk-win32-2.0-0.dll

They are also version 2.18.5 and the ones that they replaced (which were installed with the most recent Wireshark update) were version 2.16.5. There are two .EXE files and another .DLL in the \bin subdirectory which I have not copied to the Wireshark root because they were not created there during the most recent Wireshark upgrade.

CAVEAT: I have yet to discover whether the actions that I have described cause any errors or problems in running Wireshark.
Was this reply relevant?
+0
-0
lexein RE: Update suggestion is made too complicated by the GTK+ developers
Member 20th Dec, 2009 04:27
Score: 0
Posts: 8
User Since: 8th Jul 2009
System Score: N/A
Location: N/A
Last edited on 21st Dec, 2009 03:08
1. In the Windows environment, it's best to manually copy the new DLL directly over the old one (after backing up the old one). Simple compressed file formats like ZIP, RAR, 7Z cannot automatically extract things into the right places.

It's unfortunate that the GTK+ .ZIP release file listing makes it look like there's a standard place to put DLLs; sorry, that's application dependent. In Windows, the only standard places for DLLs are same-as-the-app-directory or "%systemroot%"\system32\ - anything else (".\bin") is application dependent, (never dictated by the DLL developer).

2. Since the GTK+ .ZIP manifest doesn't (and can't) correspond to Windows' "standard" DLL placement, we'll just have to get used to cross-compiled apps having different schemas for dependencies' locations, which vary from app to app. We can either learn each app's peculiarities, or trust the original app developer, and wait for their full updates.

3. The GTK+ issue requiring update (according to Secunia) is vague, and
doesn't indicate any particular problem to be solved by 2.18.x.
I'm not saying it's a false positive. It's good to stay updated soon after minor update releases, or instantly for clearly understood security issues which relate directly to one's day-to-day usage.
In the case of GTK+ 2.18, Secunia may have
- jumped the gun, or
- prioritized a minor unspecified vulnerability over a known bug considered serious by one GTK+ Windows Installer packager, as noted above.

4. My first issue was about the difficulty of finding the correct GTK+ update at all (fixed now). My current issue is the mystery of which update really is best for a given cross-dev app.
I've concluded that it's an issue best left to the app developers. And the app dev forums.

In the case of GTK+ 2.18, I've updated my apps which currently use 2.16, and left the older ones alone.
[edited 12/20]
Was this reply relevant?
+0
-0
Stardance RE: Update suggestion is made too complicated by the GTK+ developers
Member 21st Dec, 2009 01:42
Score: 0
Posts: 4
User Since: 25th Mar 2009
System Score: N/A
Location: N/A
@lexein,

Personally, I was not complaining about anything, I just reported the facts of the situation as I found them to be. Secunia PSI did identify the specific GTK+ file in which, presumably, the vulnerability had been reported to them to exist, and disclosed its location and version. I obtained the .ZIP file that contained the update(s) by using the Secunia PSI Download Solution feature. As I understand it, you found the download to which Secunia originally pointed to be in error and Secunia corrected it, apparently before I used the feature.

As far as I know, Wireshark was developed as and fundamentally remains a 'nix application, which has been adapted to Windows mainly by enabling it to display output "in a window" and to obtain packets from WinPCap. I do not recall whether installing or updating either program alters the Windows Registry, but I doubt that it does. In my experience with them (not a lot), there is no "standard" location for much of anything on 'nix systems, but sometimes there is a "customary" one. MS-DOS was also a free-for-all with regard to installing and updating applications. So there is nothing odd or wholly unexpected by what I have encountered with regard to Wireshark and "patching" GTK+, except that I overlooked the manifest file the first time that I examined the .ZIP contents.

You are right that the Wireshark developers are ultimately responsible for updating their software, so whether a GTK+ .DLL has a security vulnerability is their concern. I don't know where Secunia obtained the information that the GTK+ .DLL has a vulnerability, but I have never had a reason to doubt them. Obtaining the appropriate update is not, however, as straightforward in a case like this one as it usually is. On that I hope we can both agree. :-)
Was this reply relevant?
+0
-0
lexein RE: Update suggestion is made too complicated by the GTK+ developers
Member 21st Dec, 2009 03:00
Score: 0
Posts: 8
User Since: 8th Jul 2009
System Score: N/A
Location: N/A
Last edited on 21st Dec, 2009 03:03
Of course. I should have said "report". Didn't intend anything personal. Revised.
Was this reply relevant?
+0
-0
metaed RE: Update suggestion is made too complicated by the GTK+ developers
Member 21st Dec, 2009 18:00
Score: 1
Posts: 110
User Since: 11th Feb 2009
System Score: N/A
Location: US
We have the choice to (1) uninstall applications that come with GTK+, or (2) pay no attention to this vulnerability, and wait until updates are available for those applications.

Based on what I know, I have chosen to pay no attention.

This GTK+ vulnerability* requires the would-be system cracker to (1) get you to run a program on your system which crashes your password-protected screen-saver, and then (2) sit down at your system and use your computer.

If a system cracker is actually able to do this, then you have a much more serious security problem than this vulnerability! That is why it is listed as a level 1 threat, "Not Critical".

I have three applications installed which come with GTK+. The following are the latest releases of these three applications for 32-bit Windows, with their GTK+ rev levels.

GTK+ 2.16.5.0 in GIMP 2.6.7
GTK+ 2.14.7.0 in Inkscape 0.47
GTK+ 2.14.7.0 in Pidgin 2.6.4

Eventually these apps will start using GTK+ 2.18.5.0 or later in future releases, I will install the releases, and Secunia will report the problem as patched.

Best wishes,

Edward

* as described at http://secunia.com/advisories/37852/

--
Sometimes they fool you by walking upright.
Was this reply relevant?
+0
-0
metaed RE: Update suggestion is made too complicated by the GTK+ developers
Member 23rd Dec, 2009 18:13
Score: 1
Posts: 110
User Since: 11th Feb 2009
System Score: N/A
Location: US
I have sent the following feedback to Secunia.

Regarding Secunia Advisory SA37852.

GTK+ 2.18.x libraries older than 2.18.5 have the bug, but my information is that GTK+ 2.17 and earlier do not have it. My source for this information is comments on a GIMP bug report at this location:

https://bugzilla.gnome.org/show_bug.cgi?id=605310

Currently, pre-2.18 libraries are triggering an Insecure status in PSI. This should not happen.

Also, GTK+ is typically embedded in other software products. This advisory about a bug in the embedded library is creating confusion. Upgrading an embedded library is not something the typical user should be contemplating. But that is what is now being recommended by the advisory. Instead I suggest there should be an advisory for any product that has the bug embedded, with instructions (if they exist) for patching the product.

Best wishes,

Edward

--
Sometimes they fool you by walking upright.
Was this reply relevant?
+0
-0
davidbassplayer RE: Update suggestion is made too complicated by the GTK+ developers
Member 24th Dec, 2009 01:30
Score: 2
Posts: 20
User Since: 13th Feb 2008
System Score: N/A
Location: N/A
The application of the patch for GDK recommended by PCI was a waste of time. Did the author of that "wizard" actually try it?

I use Gnu Solfege, version win32-3.14.10 which used the offending GDK library. Copying the files mentioned above resulted in Solfege failing to start. I uninstalled the the 3.14.10 version then installed the "development" version, solfege-win32-3.15.5, which apparetnly uses a version of GDK that PCI found to be safe.

This path will not necessarily be open to other programs that use GDK.
Was this reply relevant?
+0
-0
pupu RE: Update suggestion is made too complicated by the GTK+ developers
Member 24th Dec, 2009 10:19
Score: 0
Posts: 2
User Since: 1st Mar 2009
System Score: N/A
Location: N/A
According to http://developer.pidgin.im/ticket/11034 , GTK bundled with Pidgin doesn't need to be patched on Windows because it doesn't represent a threat. Newer version of GTK won't be bundled as well. I consider this warning useless for me, then.
Was this reply relevant?
+0
-0
Lady Fitzgerald RE: Update suggestion is made too complicated by the GTK+ developers
Member 24th Dec, 2009 12:33
Score: 0
Posts: 9
User Since: 11th Oct 2009
System Score: N/A
Location: N/A
[quote=t2266]2. As of December(?) Secunia has fixed the GTK+ update link, to point to the GTK+ release DLL ZIP file. So getting the updated DLLs is easy.

I ran that link today, Secunia reported it as being patched, yet nothing has changed and I'm still getting the #@$%! warning. Now what?
Was this reply relevant?
+0
-0
Stardance RE: Update suggestion is made too complicated by the GTK+ developers
Member 25th Dec, 2009 00:57
Score: 0
Posts: 4
User Since: 25th Mar 2009
System Score: N/A
Location: N/A
Last edited on 25th Dec, 2009 01:08
@Lady Fitzgerald

Perhaps the best advice is to wait until each of the applications which you are using that employ the GTK+ libraries are themselves updated. If the updates include version 18 of the GTK+ .DLL that Secunia PSI points out as containing a vulnerability, then its alert will go away. If it doesn't go away, you can use the Secunia PSI option to ignore the threat so that Secunia PSI does not continue to display the alert. (The option is the last one on the righthand end of the line of options at the bottom of the expanded GTK+ entry on the "Insecure Programs" list.)

That said: Secunia PSI declares that the "patch" has been installed if it finds the replacement file on the disk drive, but it continues to alert you that GTK+ is insecure because it also continues to find the file that contains the vulnerability. That is because the flawed file was not overwritten by the more recent version when the .ZIP file was unpacked. Probably, the replacement file was stored in a subdirectory of the directory in which you instructed PKZip to unpack the compressed file, and the name of that subdirectory is "bin" (without the quote marks). But the previous, flawed version is in the directory which now contains the subdirectory (.\bin).

So, you must manually copy the replacement file from the .\bin subdirectory to its parent directory and overwrite the existing file that has the vulnerability by doing that.

Then Secunia PSI should stop displaying the alert, but note that the file-replacement must be repeated for each location in which the vulnerable file is stored (which might be two or more locations if you use two or more programs that employ the GTK+ libraries).

Unfortunately, the "patch" might adversely affect the behavior of any program for which you replace the vulnerable file. That is why perhaps the best advice is to wait until the programs themselves are updated to see whether they install the replacement for the vulnerable GTK+ file. Personally, Wireshark is the only program that I run which employs the GTK+ libraries, so I installed the replacement file and Wireshark has not seemed to be affected by it.
Was this reply relevant?
+0
-0
whaler RE: Update suggestion is made too complicated by the GTK+ developers
Member 25th Dec, 2009 03:10
Score: 0
Posts: 18
User Since: 25th May 2009
System Score: N/A
Location: N/A
Last edited on 25th Dec, 2009 03:13
In regard to the post from Stardance on 12/21 I just wanted to say that while I share your admiration for Secunia and believe they provide one of the best services available on the internet, free or otherwise, They aren't perfect nor should we expect perfection unless of course we are perfect. I'm not, so I don't. I'm referring to a line in which you said Secunia says it, so it must be true. I'm paraphrasing, but that seemed to be the gist of it. They do make errors although not often, and generally they correct the errors very quickly. This is more than I expect any company to do especially for free. I wouldn't have a computer that wasn't equipped with Secunia, but I can't go as far as believing they're infallable. If you disagree which you certainly have the right to do, read this thread. http://secunia.com/community/forum/thread/show/314...
Skip the 3rd long,long entry because the writer, Mr. Sticks made a second entry that makes the long one unnecessary. Happy Holidays to all who read this and to those who don't as well. I guess that's everyone, huh?

whaler
Was this reply relevant?
+0
-0
Lady Fitzgerald RE: Update suggestion is made too complicated by the GTK+ developers
Member 25th Dec, 2009 16:54
Score: 0
Posts: 9
User Since: 11th Oct 2009
System Score: N/A
Location: N/A
Last edited on 25th Dec, 2009 16:56
deleted
Was this reply relevant?
+0
-0
johnlgalt RE: Update suggestion is made too complicated by the GTK+ developers
Member 27th Dec, 2009 21:08
Score: 0
Posts: 16
User Since: 21st Feb 2008
System Score: N/A
Location: N/A
This solution works well enough for 32bit programs.

However, for 64bit programs, it gets tricky - the reason being that at http://www.gtk.org/download-windows-64bit.html the only version available (at this writing) for 64bit applications is still 2.16.6.

If you're using a 64bit app, you're kind of stuck, for now, until GTK+ 64bit gets updated to the current version.

See my post at http://secunia.com/community/forum/thread/show/323...
Was this reply relevant?
+0
-0
Piter Jack RE: Update suggestion is made too complicated by the GTK+ developers
Member 30th Dec, 2009 11:27
Score: 0
Posts: 1
User Since: 14th Dec 2009
System Score: N/A
Location: N/A
Last edited on 30th Dec, 2009 11:58
Hi
I see this
http://ftp.acc.umu.se/pub/gnome/binaries/win64/gtk...
link.
This is the latest build for 64-bit and i don't know what is insecured programs gtk
Was this reply relevant?
+0
-0
This user no longer exists RE: Update suggestion is made too complicated by the GTK+ developers
Secunia Official 30th Dec, 2009 12:12
Last edited on 30th Dec, 2009 12:16 Hi

As far as i can see, the 64bit version of GTK+ is considered experimental

"Experimental
Note that these 64-bit packages are experimental. Binary compatibility between versions is not guaranteed."


64bit program users would either have to wait for a patched 64bit GTK+ or install the 32bit version of the program instead.
johnlgalt RE: Update suggestion is made too complicated by the GTK+ developers
Member 30th Dec, 2009 19:27
Score: 0
Posts: 16
User Since: 21st Feb 2008
System Score: N/A
Location: N/A
True - or else set a temporary ignore on said .DLL in said app.
Was this reply relevant?
+0
-0
johnlgalt RE: Update suggestion is made too complicated by the GTK+ developers
Member 30th Dec, 2009 19:45
Score: 0
Posts: 16
User Since: 21st Feb 2008
System Score: N/A
Location: N/A
Last edited on 30th Dec, 2009 19:45
Unfortunately, Piter, that version, too, is reported by PSI as being insecure.
Was this reply relevant?
+0
-0
meintower RE: Update suggestion is made too complicated by the GTK+ developers
Member 1st Jan, 2010 12:46
Score: 0
Posts: 41
User Since: 18th Feb 2009
System Score: N/A
Location: N/A
on 25th Dec, 2009 03:10, whaler wrote:
In regard to the post from Stardance on 12/21 I just wanted to say that while I share your admiration for Secunia and believe they provide one of the best services available on the internet, free or otherwise, They aren't perfect nor should we expect perfection unless of course we are perfect. I'm not, so I don't. I'm referring to a line in which you said Secunia says it, so it must be true. I'm paraphrasing, but that seemed to be the gist of it. They do make errors although not often, and generally they correct the errors very quickly. This is more than I expect any company to do especially for free. I wouldn't have a computer that wasn't equipped with Secunia, but I can't go as far as believing they're infallable. If you disagree which you certainly have the right to do, read this thread. http://secunia.com/community/forum/thread/show/314...
Skip the 3rd long,long entry because the writer, Mr. Sticks made a second entry that makes the long one unnecessary. Happy Holidays to all who read this and to those who don't as well. I guess that's everyone, huh?

whaler

Happy New Year to you!I must say that you prove to be a master of literary style in this post.I'd envy you but ,as we are still in this holy-day period I'll try to restrain myself and turn the envy into admiration... In the hope that this wouldn't damage my karma(which is not such a great motivation,I know).

--
meintower
Was this reply relevant?
+0
-0
Stardance RE: Update suggestion is made too complicated by the GTK+ developers
Member 2nd Jan, 2010 03:47
Score: 0
Posts: 4
User Since: 25th Mar 2009
System Score: N/A
Location: N/A
Last edited on 2nd Jan, 2010 03:53
@whaler and company:

I wrote ONE sentence, inside the last paragraph of the post in which I wrote it, which you were apparently unwilling to quote in your remarks because it would make your critique look ridiculous, but here it is:

".... I don't know where Secunia obtained the information that the GTK+ .DLL has a vulnerability, but I have never had a reason to doubt them. ...."

At the end of the first paragraph of that same post, I noted lexein's previous remarks that Secunia PSI initially pointed to a library file that was not the one in which the vulnerability was remedied. None of my remarks have said or implied that Secunia is "perfect", only that I have never had a reason (yet) to doubt them, i.e., when PSI reports a vulnerability. It may be an insignificant vulnerability in this case, but it is there.

Your remarks contribute nothing to updating GTK+, and belong to some other discussion. Why don't you start one on the errors that Secunia makes? Please quit wasting our time here! Enough said!
Was this reply relevant?
+0
-0
johnlgalt RE: Update suggestion is made too complicated by the GTK+ developers
Member 2nd Jan, 2010 21:52
Score: 0
Posts: 16
User Since: 21st Feb 2008
System Score: N/A
Location: N/A
Last edited on 2nd Jan, 2010 21:53
It seems you are hoist with your own petard, Stardancer.

You said:

on 2nd Jan, 2010 03:47, Stardance wrote:
@whaler and company:

I wrote ONE sentence, inside the last paragraph of the post in which I wrote it, which you were apparently unwilling to quote in your remarks because it would make your critique look ridiculous, but here it is:


And yet you did the very same thing. B/c Whaler wrote

on 25th Dec, 2009 03:10, whaler wrote:
I'm paraphrasing, but that seemed to be the gist of it.


A simple "That is not what I meant" would have sufficed. No need for a rant, now, was there?

Now that the chest thumping and the holier than thou attitudes have been laid to rest, can we forget about the validity of the Secunia perfection statements (or lack thereof) and get back to the issue at hand?
Was this reply relevant?
+0
-0
mrgames2 RE: Update suggestion is made too complicated by the GTK+ developers
Member 22nd Jan, 2010 13:41
Score: 37
Posts: 12
User Since: 27th Jun 2009
System Score: N/A
Location: N/A
I submitted a bug report to the GIMP developers today via Bugzilla. I too have tried to update the GTK version with the zip provided several times with no luck. Hopefully they will provide a solution or new version soon.
Was this reply relevant?
+0
-0
johnlgalt RE: Update suggestion is made too complicated by the GTK+ developers
Member 26th Jan, 2010 00:37
Score: 0
Posts: 16
User Since: 21st Feb 2008
System Score: N/A
Location: N/A
on 22nd Jan, 2010 13:41, mrgames2 wrote:
I submitted a bug report to the GIMP developers today via Bugzilla. I too have tried to update the GTK version with the zip provided several times with no luck. Hopefully they will provide a solution or new version soon.


Unfortunately,, as noted above, the problem is not with GIMP, either, but in the underlying library files of GTK 64bit.

Near as I can tell, the newest version, compiled around 28 Oct 2009, is still showing as being vulnerable in Secunia.

For now, I have simply instructed PSI to ignore that particular set of .DLLs and hope that someone will come along and compile newer versions of the GTK+ library files for 64bit users.
Was this reply relevant?
+0
-0
metaed RE: Update suggestion is made too complicated by the GTK+ developers
Member 26th Jan, 2010 16:55
Score: 1
Posts: 110
User Since: 11th Feb 2009
System Score: N/A
Location: US
Secunia have apparently fixed the problem. I have just run a full scan and the same GTK+ libraries which previously came up as Insecure status now show as Patched.

--
Sometimes they fool you by walking upright.
Was this reply relevant?
+0
-0
johnlgalt RE: Update suggestion is made too complicated by the GTK+ developers
Member 27th Jan, 2010 00:28
Score: 0
Posts: 16
User Since: 21st Feb 2008
System Score: N/A
Location: N/A
Last edited on 27th Jan, 2010 00:28
on 26th Jan, 2010 16:55, metaed wrote:
Secunia have apparently fixed the problem. I have just run a full scan and the same GTK+ libraries which previously came up as Insecure status now show as Patched.


Verified. I deleted my rule ignoring that mentioned .DLL, then went to the insecure tab and sure enough it was there again - I re-scanned and it registered as having been 'patched' and 'fixed'.

Now this thread can mercifully get some peace and rest :P

Thanks, Secunia!
Was this reply relevant?
+0
-0

This thread has been marked as locked.