[Osgeo4w-trac] [osgeo4w] #844: Python 3.12.4 vulnerable to CVE-2024-3219 & CVE-2024-6923

OSGeo4W trac_osgeo4w at osgeo.org
Thu Aug 8 02:59:04 PDT 2024


#844: Python 3.12.4 vulnerable to CVE-2024-3219 & CVE-2024-6923
----------------------+----------------------------------
Reporter:  ascottwwf  |      Owner:  osgeo4w-dev@…
    Type:  defect     |     Status:  new
Priority:  normal     |  Component:  Package
 Version:             |   Keywords:  Python vulnerability
----------------------+----------------------------------
 When using the OSGEO4W installer, Python 3.12.4 is included with QGIS LTR
 3.34.9.

 It has come to my attention that this version of Python is now vulnerable
 to CVE-2024-3219 and CVE-2024-6923.

 Apparently fixes have been included with Python 3.12.5.
 Release Notes:
 https://docs.python.org/release/3.12.5/whatsnew/changelog.html#python-3-12-5
 N.B. Python 3.12.5 was released Tuesday 6th August 2024:
 https://peps.python.org/pep-0693/#bugfix-releases

 Please could you update the Python version so it is included with the next
 release of QGIS?
-- 
Ticket URL: <https://trac.osgeo.org/osgeo4w/ticket/844>
OSGeo4W <http://trac.osgeo.org/osgeo4w>
OSGeo4W is the Windows installer and package environment for the OSGeo stack.

