[Osgeo4w-trac] [osgeo4w] #851: Python 3.12.5 vulnerable to CVE-2024-6232
OSGeo4W
trac_osgeo4w at osgeo.org
Wed Sep 11 05:46:27 PDT 2024
#851: Python 3.12.5 vulnerable to CVE-2024-6232
----------------------+--------------------------------------------
Reporter: ascottwwf | Owner: osgeo4w-dev@…
Type: defect | Status: new
Priority: normal | Component: Package
Version: | Keywords: Python vulnerability, QGIS LTR
----------------------+--------------------------------------------
Python released v3.12.6 on 6th September 2024 which fixes CVE-2024-6232
(Medium Severity) and also updated the bundled OpenSSL version to 3.0.15
(to fix OpenSSL vulnerabilities).
We use the OSGeo installer to deploy QGIS LTR, therefore please can the
bundled Python version be updated so it is included with the QGIS LTR
install?
--
Ticket URL: <https://trac.osgeo.org/osgeo4w/ticket/851>
OSGeo4W <http://trac.osgeo.org/osgeo4w>
OSGeo4W is the Windows installer and package environment for the OSGeo stack.
More information about the Osgeo4w-trac
mailing list