[QGIS-Developer] Potential Security Issue with latest OSGeo4W release

Régis Haubourg regis.haubourg at gmail.com
Wed Nov 27 22:57:34 PST 2024


Hi all. 
If you have a serious doubt about security please use the security channel. 
We have such disclosures every week there. Jürgen is doing a wonderful job keeping OSGeo4W up to date on each real CVE found. 
In that case, I suspect a false positive, given the Bayesian nature of most scanner tools. However, we will need to check the whole chain of course. 
If anyone finds something upstream in GRASS or geom libraries, please tell. The XZ attack shows that binaries can be affected with really advanced social engineering techniques. 
The surface of attack of geom library is not wide, so this is less likely to be the case. 
Régis 


On 28 November 2024 02:41:15 GMT+01:00, C Hamilton via QGIS-Developer <qgis-developer at lists.osgeo.org> wrote:
>I just installed the latest QGIS versions of the OSGeo4W installer. I
>received a warning saying, "We moved libgrass_parson.8.4.dll to your
>Quarantine because it was infected with Win64:Evo-gen[Trj]"
>
>Whether that dll is being used in a legitimate way, in today's age this is
>an issue and should be looked at.
>
>Thanks,
>Calvin