igor0
25
I didn’t say that. As said before, we are not aware of any “overlooked exploit”. Assuming that you know better just by reading the change log… well, I’m not gonna argue with that.
The funny thing is that there are tens of libraries compiled inside of the code (say ZLIB, BZIP2 and similar) - and nobody is worried about those being the latest versions, even though they are definitely riskier than this one (because they are processing the potentially evil scanned files) - because nobody knows about them (isn’t notified by PSI, if you wish). And then one executable, detected probably by something as weak as the version info (here I’m guessing, I admit) suddenly becomes a problem.
[Disclaimer: of course we are keeping the important libraries up-to-date - I’m just trying to show the point.]