[Osgeo4w-trac] [osgeo4w] #851: Python 3.12.5 vulnerable to CVE-2024-6232

OSGeo4W trac_osgeo4w at osgeo.org
Wed Sep 11 05:46:27 PDT 2024


#851: Python 3.12.5 vulnerable to CVE-2024-6232
----------------------+--------------------------------------------
Reporter:  ascottwwf  |      Owner:  osgeo4w-dev@…
    Type:  defect     |     Status:  new
Priority:  normal     |  Component:  Package
 Version:             |   Keywords:  Python vulnerability, QGIS LTR
----------------------+--------------------------------------------
 Python released v3.12.6 on 6th September 2024 which fixes CVE-2024-6232
 (Medium Severity) and also updated the bundled OpenSSL version to 3.0.15
 (to fix OpenSSL vulnerabilities).

 We use the OSGeo installer to deploy QGIS LTR, therefore please can the
 bundled Python version be updated so it is included with the QGIS LTR
 install?
-- 
Ticket URL: <https://trac.osgeo.org/osgeo4w/ticket/851>
OSGeo4W <http://trac.osgeo.org/osgeo4w>
OSGeo4W is the Windows installer and package environment for the OSGeo stack.


More information about the Osgeo4w-trac mailing list