<div dir="ltr"><div class="gmail_quote"><div dir="ltr">




















<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-family:"Calibri",sans-serif">
Hello QGI's team,<br><br>We have an important question regarding a recent vulnerability [ CVE-2023-36664 ] affecting Ghostscript<br><br><a href="https://www.kroll.com/en/insights/publications/cyber/ghostscript-cve-2023-36664-remote-code-execution-vulnerability">https://www.kroll.com/en/insights/publications/cyber/ghostscript-cve-2023-36664-remote-code-execution-vulnerability</a><br><br><a href="https://www.heise.de/news/Codeschmuggel-Luecke-in-Ghostscript-betreff-LibreOffice-und-mehr-9215627.html">https://www.heise.de/news/Codeschmuggel-Luecke-in-Ghostscript-betreff-LibreOffice-und-mehr-9215627.html</a><br><a href="https://www.borncity.com/blog/2023/07/13/critical-rce-vulnerability-cve-2023-36664-in-ghostscript-endangered-systems/">https://www.borncity.com/blog/2023/07/13/critical-rce-vulnerability-cve-2023-36664-in-ghostscript-endangered-systems/</a><br><br> <br>There are also corresponding GS libraries in #QGIS 3.28.4.<br><br>Now how can I fix the above vulnerability or is there no concern for QGis?<br><br> Thank you in advance for your efforts.<br>Best regards<br><br>Ronny

</p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-family:"Calibri",sans-serif"><font style="font-family:times new roman,serif" size="2"><br></font></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-family:"Calibri",sans-serif"><font style="font-family:times new roman,serif" size="2"><br></font></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-family:"Calibri",sans-serif"><font style="font-family:times new roman,serif" size="2"><br></font></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-family:"Calibri",sans-serif"><font style="font-family:times new roman,serif" size="2"><br></font></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-family:"Calibri",sans-serif"><font style="font-family:times new roman,serif" size="2">###### Hallo QGIs Team,<span></span></font></p>

<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt"><font style="font-family:times new roman,serif" size="2"><span> </span></font></p>

<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><font style="font-family:times new roman,serif" size="2">wir haben ein wichtige Frage zu einer aktuellen Sicherheitslücke
[ CVE-2023-36664 ], die im Zusammenhang mit Ghostscript auftritt </font><a href="https://www.heise.de/news/Codeschmuggel-Luecke-in-Ghostscript-betrifft-LibreOffice-und-mehr-9215627.html" style="color:rgb(5,99,193);text-decoration:underline" target="_blank"><br></a></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><br></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif">
<a href="https://www.kroll.com/en/insights/publications/cyber/ghostscript-cve-2023-36664-remote-code-execution-vulnerability">https://www.kroll.com/en/insights/publications/cyber/ghostscript-cve-2023-36664-remote-code-execution-vulnerability</a> <br></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><a href="https://www.heise.de/news/Codeschmuggel-Luecke-in-Ghostscript-betrifft-LibreOffice-und-mehr-9215627.html" style="color:rgb(5,99,193);text-decoration:underline" target="_blank"><br>https://www.heise.de/news/Codeschmuggel-Luecke-in-Ghostscript-betrifft-LibreOffice-und-mehr-9215627.html</a><span>  </span><br><a href="https://www.borncity.com/blog/2023/07/13/kritische-rce-schwachstelle-cve-2023-36664-in-ghostscript-bedroht-systeme/" style="color:rgb(5,99,193);text-decoration:underline" target="_blank">https://www.borncity.com/blog/2023/07/13/kritische-rce-schwachstelle-cve-2023-36664-in-ghostscript-bedroht-systeme/</a><span></span></p>

<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span> </span></p>

<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt"><span style="font-family:times new roman,serif;color:rgb(0,0,0)">In der <b>#QGIS</b> 3.28.4 gibt
es auch entsprechende GS Bibliotheken.  <br><br>Wie kann ich jetzt die oben genannte
Sicherheitslücke schließen oder gibt es für QGis keine Bedenken?<span></span></span></p>

<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt"><span style="font-family:times new roman,serif;color:rgb(0,0,0)"><span> </span></span></p>

<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt"><span style="font-family:times new roman,serif;color:rgb(0,0,0)">Vielen Dank im Voraus für eure Bemühungen.<span></span></span></p>

<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt"><span style="font-family:times new roman,serif;color:rgb(0,0,0)"><span> </span></span></p>

<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt"><span style="font-family:times new roman,serif;color:rgb(0,0,0)">Viele Grüße<span></span></span></p>

<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt"><span style="font-family:times new roman,serif;color:rgb(0,0,0)"><span> </span></span></p>

<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt"><span style="font-family:times new roman,serif;color:rgb(0,0,0)">Ronny<span></span></span></p>

<p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:"Calibri",sans-serif"><span style="font-family:times new roman,serif;color:rgb(0,0,0)"><span> </span></span></p>





</div>
</div></div>