Opened 4 days ago
Closed 4 days ago
#841 closed defect (fixed)
Vulnerable Curl.exe v8.6.0 exists in OSGeo4W install
| Reported by: | ascottwwf | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | Package |
| Version: | Keywords: | ||
| Cc: |
Description (last modified by )
Hello,
I have noticed that the OSGeo4W_v2 installer (Which we use to install QGIS LTR) contains version 8.6.0 of curl.exe (located in \OSGeo4W\bin folder)
This version of curl is vulnerable to 2 medium and 2 low severity CVEs (CVE-2024-2466, CVE-2024-2398, CVE-2024-2379 and CVE-2024-2004) see: https://curl.se/docs/vulnerabilities.html.
These have all been fixed since version v8.7.0.
N.B. v8.8.0 is currently the latest release (Changelog: https://curl.se/changes.html)
Please could you update the OSGeov2 Installer to include the latest release of Curl to remove these current CVEs.
Thanks in advance
Adrian Scott
Change History (2)
comment:1 by , 4 days ago
| Description: | modified (diff) |
|---|
comment:2 by , 4 days ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
