[Osgeo4w-trac] [osgeo4w] #859: Python version update to v3.12.8 (was: QGIS LTR Python version update to v3.12.8)

OSGeo4W trac_osgeo4w at osgeo.org
Mon Dec 9 02:50:25 PST 2024


#859: Python version update to v3.12.8
-----------------------------+----------------------------
Reporter:  ascottwwf         |       Owner:  osgeo4w-dev@…
    Type:  defect            |      Status:  new
Priority:  normal            |   Component:  Package
 Version:                    |  Resolution:
Keywords:  Python, QGIS LTR  |
-----------------------------+----------------------------
Changes (by jef):

 * summary:  QGIS LTR Python version update to v3.12.8 => Python version
     update to v3.12.8


Old description:

> Hello,
>
> I have noticed that Python released new versions on 3rd December to fix a
> number of issues.
> It may subsequently come to light that these updates include security
> fixes for published CVEs, so it is usually beneficial to update before the
> CVEs are publicised.
>

> As it subsequently turns out, Python 3.12.7 is vulnerable to the
> following 3 CVEs:
> - CVE-2024-9287 (Medium Severity)
> - CVE-2024-50602 (Medium Severity)
> - CVE-2024-12254 (High Severity)
> Therefore, as QGIS LTR 3.34.13 contains Python 3.12.7, if it has not
> already been done, would it be possible to please update the Python
> version included with QGIS LTR to 3.12.8 to fix the above CVEs?
>
> Thanks in advance

New description:

 Hello,

 I have noticed that Python released new versions on 3rd December to fix a
 number of issues.
 It may subsequently come to light that these updates include security
 fixes for published CVEs, so it is usually beneficial to update before the
 CVEs are publicised.

 As it subsequently turns out, Python 3.12.7 is vulnerable to the following
 3 CVEs:
 - CVE-2024-9287 (Medium Severity)
 - CVE-2024-50602 (Medium Severity)
 - CVE-2024-12254 (High Severity)
 Therefore, as QGIS LTR 3.34.13 contains Python 3.12.7, if it has not
 already been done, would it be possible to please update the Python
 version to fix the above CVEs?

 Thanks in advance

--
-- 
Ticket URL: <https://trac.osgeo.org/osgeo4w/ticket/859#comment:2>
OSGeo4W <http://trac.osgeo.org/osgeo4w>
OSGeo4W is the Windows installer and package environment for the OSGeo stack.

