Opened 5 months ago
Closed 5 months ago
#844 closed defect (fixed)
Python 3.12.4 vulnerable to CVE-2024-3219 & CVE-2024-6923
Reported by: | ascottwwf | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | Package |
Version: | Keywords: | Python vulnerability | |
Cc: |
Description
When using the OSGEO4W installer, Python 3.12.4 is included with QGIS LTR 3.34.9
It has come to my attention that this version of Python is now vulnerable to CVE-2024-3219 and CVE-2024-6923.
Aparently fixes have been included with Python 3.12.5
Release Notes: https://docs.python.org/release/3.12.5/whatsnew/changelog.html#python-3-12-5
N.B. Python 3.12.5 was released Tuesday 6th August 2024: https://peps.python.org/pep-0693/#bugfix-releases
Please could you update the Python version so it is included with the next release of QGIS?
Note:
See TracTickets
for help on using tickets.