Hi,
Synopsys Protecode SC is reporting 8 vulnerabilities in the current (and nightly) Windows build of FileZilla.
Component libpng 1.6.2 has 7, and expat 2.1.1 has 1.
CVE            Date        CVSS  Type
CVE-2014-9495  2015-01-10  10    Exact match
CVE-2016-3751  2016-07-11  7.5   Exact match
CVE-2015-8472  2016-01-21  7.5   Exact match
CVE-2015-8126  2015-11-13  7.5   Exact match
CVE-2015-0973  2015-01-18  7.5   Exact match
CVE-2014-0333  2014-02-27  5     Exact match
CVE-2013-6954  2014-01-12  5     Exact match

CVE            Date        CVSS  Type
CVE-2016-4472  2016-06-30  6.8   Exact match
Both of those components have newer versions.
Would like to re-test with the newer components.
Thanks
Current builds have 8 known security vulnerabilities
Re: Current builds have 8 known security vulnerabilities
FileZilla uses wxWidgets which bundles these libraries. You need to report vulnerabilities in wxWidgets to the wxWidgets bug tracker: http://trac.wxwidgets.org/
These vulnerabilities do not affect FileZilla; it does not deal with PNG or XML files from untrusted sources.
Re: Current builds have 8 known security vulnerabilities
Thanks,
I filed a ticket over there and it is in moderation.
Re: Current builds have 8 known security vulnerabilities
The wxWidgets trouble ticket system is indicating that they upgraded the version of libpng 7 months ago.
Can you not consume their latest version?
Re: Current builds have 8 known security vulnerabilities
They have only updated it in unstable development versions that aren't fit for production. They did not update it in the stable branch.
As a matter of fact I'm already using the latest snapshots of the stable branch which haven't been released yet.