Skip to content

Bump ghostscript dependency to 10.01.2

Both the current release on the Windows Store as well as the release on https://binary-factory.kde.org/job/Okular_Release_win64/ are bundled with ghostscript 9.56.1 from April 2022. That version is, according to NVD, not only vulnerable against CVE-2023-36664, released in early July 2023, but also CVE-2023-28879, released in April 2023. The update to ghostscript 10.01.2 fixes both issues.

This merge request (or a better one addressing this issue) should be merged immediately (like, 3 weeks ago) and a new version be pushed to the Windows Store.

Merge request reports

Loading