[Osgeo4w-trac] [osgeo4w] #838: Python 3.12.3 vulnerable to CVE-2024-4030

OSGeo4W trac_osgeo4w at osgeo.org
Mon Jun 3 08:26:22 PDT 2024


#838: Python 3.12.3 vulnerable to CVE-2024-4030
----------------------+---------------------------
Reporter:  ascottwwf  |      Owner:  osgeo4w-dev@…
    Type:  defect     |     Status:  new
Priority:  normal     |  Component:  Package
 Version:             |   Keywords:
----------------------+---------------------------
 When using the OSGEO4W installer, Python 3.12.3 is included with QGIS LTR
 3.34.7
 It has come to my attention that this version of Python is now vulnerable
 to CVE-2024-4030.\\

 According to the Next version release notes, a fix will be included with
 Python 3.12.4\\

 Release Notes:
 https://docs.python.org/3/whatsnew/changelog.html#changelog\\

 This is due to be released tomorrow (Tuesday 4th June 2024):
 https://peps.python.org/pep-0693/#bugfix-releases\\


 Please could you update the Python version so it is included with the next
 release of QGIS?
-- 
Ticket URL: <https://trac.osgeo.org/osgeo4w/ticket/838>
OSGeo4W <http://trac.osgeo.org/osgeo4w>
OSGeo4W is the Windows installer and package environment for the OSGeo stack.


More information about the Osgeo4w-trac mailing list