[Solved] VLC 3.0.11 not detected as unsecure without available patch

GregAlexandre · 16 Jan 2021, 11:34

Hi,
At this time (2021-01-16) VLC 3.0.11 is known to be unsecure without available patch: https://nvd.nist.gov/vuln/detail/CVE-2020-26664 .
Vulndetect does not display it as unsecure and does not states that there is no available patch.

Hope this helps.

Regards.

VulnDetect · 17 Jan 2021, 17:21

@GregAlexandre Thank you.

It appears that they do have a fix in the pipeline:
https://code.videolan.org/videolan/vlc-3.0/-/commit/ec1f55ee9ace5cc675395a1bc9700d99679e7e8c

For some reason they haven't released 3.0.12 yet.

We have flagged 3.0.11 as Insecure and will closely monitor the release of 3.0.12.

VulnDetect · 18 Jan 2021, 16:45

Earlier today the installer for 3.0.12 was released, and short time ago the security page was updated. However, the actual VideoLAN advisory, is still 404.

Anyway, the rule is updated and a package is available, and the first users and customers has applied the updated version.

Again, thank you for reporting this.

GregAlexandre · 21 Jan 2021, 16:28

@VulnDetect & @Tom & @OLLI_S : Fixed
Can be moved to "solved issue".
Thanks.

OLLI_S · 17 Feb 2021, 20:09

OK, then I mark this issue as solved.