[osgeo4w-dev] [osgeo4w] #811: Vulnerable Python 3.9.5 executable exists after install latest of QGIS LTR 3.28.14 using the OSGEO4W installer

OSGeo4W trac_osgeo4w at osgeo.org
Mon Jan 15 07:12:57 PST 2024 

#811: Vulnerable Python 3.9.5 executable exists after install latest of QGIS LTR
3.28.14 using the OSGEO4W installer
-----------------------------------------+----------------------------
Reporter:  ascottwwf                     |       Owner:  osgeo4w-dev@…
    Type:  defect                        |      Status:  closed
Priority:  major                         |   Component:  Package
 Version:                                |  Resolution:  fixed
Keywords:  Python 3.9.5 Vulnerabilities  |
-----------------------------------------+----------------------------
Comment (by ascottwwf):

 Thank You jef,

 I can confirm a fresh install of QGIS v3.28.14 using the OSGEO4W installer
 (in a sandbox) now has Python v3.9.18 installed.

 A repeat of the PowerShell evidence from above showing the new Python
 versions:
 {{{
 PS C:\Program Files\OSGeo4W_v2> Get-ChildItem python*.dll,python*.exe
 -Recurse -Force -ErrorAction SilentlyContinue | Select-Object versioninfo
 -ExpandProperty versioninfo | Sort-Object
 ProductVersion,FileVersionRaw,Filename | Select-Object
 ProductVersion,FileVersionRaw,Filename | ft -auto

 ProductVersion FileVersionRaw FileName
 -------------- -------------- --------
 3.9.18         3.9.18150.1013 C:\Program
 Files\OSGeo4W_v2\apps\Python39\DLLs\python3.dll
 3.9.18         3.9.18150.1013 C:\Program
 Files\OSGeo4W_v2\apps\Python39\DLLs\python39.dll
 3.9.18         3.9.18150.1013 C:\Program
 Files\OSGeo4W_v2\apps\Python39\Lib\venv\scripts\nt\python.exe
 3.9.18         3.9.18150.1013 C:\Program
 Files\OSGeo4W_v2\apps\Python39\Lib\venv\scripts\nt\pythonw.exe
 3.9.18         3.9.18150.1013 C:\Program
 Files\OSGeo4W_v2\apps\Python39\python.exe
 3.9.18         3.9.18150.1013 C:\Program
 Files\OSGeo4W_v2\apps\Python39\python3.dll
 3.9.18         3.9.18150.1013 C:\Program
 Files\OSGeo4W_v2\apps\Python39\python3.exe
 3.9.18         3.9.18150.1013 C:\Program
 Files\OSGeo4W_v2\apps\Python39\python39.dll
 3.9.18         3.9.18150.1013 C:\Program
 Files\OSGeo4W_v2\apps\Python39\pythonw.exe
 3.9.18         3.9.18150.1013 C:\Program
 Files\OSGeo4W_v2\apps\Python39\pythonw3.exe
 3.9.18         3.9.18150.1013 C:\Program Files\OSGeo4W_v2\bin\python.exe
 3.9.18         3.9.18150.1013 C:\Program Files\OSGeo4W_v2\bin\python3.dll
 3.9.18         3.9.18150.1013 C:\Program Files\OSGeo4W_v2\bin\python3.exe
 3.9.18         3.9.18150.1013 C:\Program Files\OSGeo4W_v2\bin\python39.dll
 3.9.18         3.9.18150.1013 C:\Program Files\OSGeo4W_v2\bin\pythonw.exe
 3.9.18         3.9.18150.1013 C:\Program Files\OSGeo4W_v2\bin\pythonw3.exe
 3.9.304.0      3.9.304.0      C:\Program
 Files\OSGeo4W_v2\apps\Python39\Lib\site-packages\pythonwin\Pythonwin.exe
 3.9.304.0      3.9.304.0      C:\Program
 Files\OSGeo4W_v2\apps\Python39\Lib\site-
 packages\pywin32_system32\pythoncom...
 3.9.304.0      3.9.304.0      C:\Program
 Files\OSGeo4W_v2\apps\Python39\Lib\site-packages\win32\pythonservice.exe
 }}}
-- 
Ticket URL: <https://trac.osgeo.org/osgeo4w/ticket/811#comment:3>
OSGeo4W <http://trac.osgeo.org/osgeo4w>
OSGeo4W is the Windows installer and package environment for the OSGeo stack.

More information about the osgeo4w-dev mailing list