The answer is: Yes, the MSI installer does have the new, fixed
Ghostscript version.
To verify you can simply navigate to the bin directory and run the
gs.exe file in a CMD window. It will show you the version number.
Thanks jef!
Cheers, Hannes
Am 27.07.23 um 09:35 schrieb Johannes Kröger (W
Thank you for the quick response to the CVE and maintaining it all!
The download is taking a while and maybe the mailing list is quicker:
Does the latest MSI installer 3.32.1-1 already contain that new version?
Cheers, Hannes
Am 19.07.23 um 14:17 schrieb Jürgen E. Fischer via QGIS-User:
Hi A
Thank you very much for your answer.
Greetings
Ronny
Am Do., 20. Juli 2023 um 09:56 Uhr schrieb Andreas Neumann <
a.neum...@carto.net>:
> Dear Ronny,
>
> I am adding the mailing list again.
>
> Jürgen Fischer (the packager for Windows and Ubuntu) informed you that
> OSGeo4W is already patched:
Dear Ronny,
I am adding the mailing list again.
Jürgen Fischer (the packager for Windows and Ubuntu) informed you that
OSGeo4W is already patched:
https://lists.osgeo.org/pipermail/qgis-user/2023-July/053215.html
And also that ghostscript isn't necessary for QGIS, but a dependency of
GRASS.
Hi Jürgen,
Thanks for clarifying the situation. And for patching OSGeo4W quickly!
On my Windows system it wasn't installed, because we didn't install GRASS.
Greetings,
Andreas
On Wed, 19 Jul 2023 at 14:17, Jürgen E. Fischer via QGIS-User <
qgis-user@lists.osgeo.org> wrote:
> Hi Andreas,
>
> On
Hi Andreas,
On Wed, 19. Jul 2023 at 13:57:21 +0200, Andreas Neumann via QGIS-User wrote:
> How did you install QGIS? Through the OSGeo4W installer or with the
> standalone installer or .msi installer?
Both contain ghostscript as dependency of GRASS. OSGeo4W was updated to
10.01.2.
Jürgen
--
Hi Ronny,
What operating system are your refering to? QGIS on Windows? Mac? Linux?
QGIS doesn't use ghostscript and doesn't install ghostscript.
But you might have installed ghostscript through OSGeo4W. If there is
anything to patch, then it is in OSGeo4W and the various Linux and MacOS
distr
Ronny Kerlin via QGIS-User writes:
> We have an important question regarding a recent vulnerability [
> CVE-2023-36664 ] affecting Ghostscript
>
> There are also corresponding GS libraries in #QGIS 3.28.4.
qgis is source code. I just looked quickly, and did not find any
ghostscript. In the bi
Hello QGI's team,
We have an important question regarding a recent vulnerability [
CVE-2023-36664 ] affecting Ghostscript
https://www.kroll.com/en/insights/publications/cyber/ghostscript-cve-2023-36664-remote-code-execution-vulnerability
https://www.heise.de/news/Codeschmuggel-Luecke-in-Ghostscr