Forum Thread: PSI misses old versions of 7-zip

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as resolved.
ackhh PSI misses old versions of 7-zip
Member 10th Mar, 2010 12:58
Ranking: 3
Posts: 6
User Since: 10th Mar, 2010
System Score: N/A
Location: DE
I'm using 7-Zip version 465 on Win XPP SP3.

Also installed are nLite and Universal Extractor.
These programs include 7-Zip version 442 and 457 respectively.

Secunia does NOT warn about the old versions.

Post "RE: PSI misses old versions of 7-zip" has been selected as an answer.
This user no longer exists RE: PSI misses old versions of 7-zip
Secunia Official 10th Mar, 2010 14:33
Hi

Secunia only tracks security updates, meaning our software will not prompt you to install a newer version if it only contains new features or bug fixes.

ackhh RE: PSI misses old versions of 7-zip
Member 10th Mar, 2010 15:52
Score: 3
Posts: 6
User Since: 10th Mar 2010
System Score: N/A
Location: DE
Last edited on 10th Mar, 2010 15:52
on 10th Mar, 2010 14:33, wrote:
Hi

Secunia only tracks security updates, meaning our software will not prompt you to install a newer version if it only contains new features or bug fixes.

According to PSI, older versions of 7-zip ARE a security risk.
Indicated status for v.465 = removed risk category 3
Was this reply relevant?
+0
-0
This user no longer exists RE: PSI misses old versions of 7-zip
Secunia Official 10th Mar, 2010 16:00
I can see that the the latest security patch was in 4.57 according to:
http://secunia.com/advisories/29434/

Is the PSI detecting the other versions at all? or is it just not flagging versions prior to 4.57 as insecure?
ackhh RE: PSI misses old versions of 7-zip
Member 10th Mar, 2010 17:12
Score: 3
Posts: 6
User Since: 10th Mar 2010
System Score: N/A
Location: DE
on 10th Mar, 2010 16:00, wrote:
Is the PSI detecting the other versions at all? or is it just not flagging versions prior to 4.57 as insecure?

The other versions are not detected.

Thanks for your efforts.
Was this reply relevant?
+0
-0
This user no longer exists RE: PSI misses old versions of 7-zip
Secunia Official 11th Mar, 2010 08:11
Could i ask you to post the path of the 7-zip folders?

Thank you.
ackhh RE: PSI misses old versions of 7-zip
Member 11th Mar, 2010 18:45
Score: 3
Posts: 6
User Since: 10th Mar 2010
System Score: N/A
Location: DE
7-Zip:
C:\Programme\7-Zip
7z.dll,7z.exe,7-zip.dll

nLite:
C:\Programme\nLite
7z.exe

Universal Extractor:
C:\Programme\Universal Extractor\bin
7z.dll,7z.exe
Was this reply relevant?
+0
-0
This user no longer exists RE: PSI misses old versions of 7-zip
Secunia Official 12th Mar, 2010 08:26
Hi again

We have excluded the detection of 7-zip if its included in other software.
The reason for this is that it's not possible to apply an update for it.
(The update will only apply to the "main" installation of 7-zip)

Instead, it's the vendors responsibility to make sure they use the patched version of the software they include in their own software.

I would recommend that you contact the vendor and let them know they should update their 7-zip component.

This thread has been marked as locked.