Hi all. If you have a serious doubt about security please use the security channel. We have such disclosures every week there. Jürgen is doing a wonderful job keeping osgeo4w up to date on each real CVE found. I that case, I suspect a false positive, given the bayesian nature of most scanner tools. However, we will need to check the whole chain of course. If anyone finds something upstream in grass or geom libraries, please tell. The XZ attacks shows that binaries can be affected with really advanced social engineering techniques. The surface of attack of geom library is not wide, so this is less likely to be the case. Régis
Le 28 novembre 2024 02:41:15 GMT+01:00, C Hamilton via QGIS-Developer <qgis-developer@lists.osgeo.org> a écrit : >I just installed the latest QGIS versions of the OSGeo4W installer. I >received a warning saying, "We moved libgrass_parson.8.4.dll to your >Quarantine because it was infected with Win64:Evo-gen[Trj]" > >Whether that dll is being used in a legitimate way, in today's age this is >an issue and should be looked at. > >Thanks, >Calvin
_______________________________________________ QGIS-Developer mailing list QGIS-Developer@lists.osgeo.org List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer
