[osgeo4w-dev] [osgeo4w] #844: Python 3.12.4 vulnerable to CVE-2024-3219 & CVE-2024-6923
OSGeo4W
trac_osgeo4w at osgeo.org
Thu Aug 8 02:59:04 PDT 2024
#844: Python 3.12.4 vulnerable to CVE-2024-3219 & CVE-2024-6923
----------------------+----------------------------------
Reporter: ascottwwf | Owner: osgeo4w-dev@…
Type: defect | Status: new
Priority: normal | Component: Package
Version: | Keywords: Python vulnerability
----------------------+----------------------------------
When using the OSGEO4W installer, Python 3.12.4 is included with QGIS LTR
3.34.9.
It has come to my attention that this version of Python is now vulnerable
to CVE-2024-3219 and CVE-2024-6923.
Apparently fixes have been included with Python 3.12.5.
Release Notes:
https://docs.python.org/release/3.12.5/whatsnew/changelog.html#python-3-12-5
N.B. Python 3.12.5 was released Tuesday 6th August 2024:
https://peps.python.org/pep-0693/#bugfix-releases
Please could you update the Python version so it is included with the next
release of QGIS?
--
Ticket URL: <https://trac.osgeo.org/osgeo4w/ticket/844>
OSGeo4W <http://trac.osgeo.org/osgeo4w>
OSGeo4W is the Windows installer and package environment for the OSGeo stack.