Opened 2 months ago

Closed 2 months ago

#844 closed defect (fixed)

Python 3.12.4 vulnerable to CVE-2024-3219 & CVE-2024-6923

Reported by: ascottwwf Owned by: osgeo4w-dev@…
Priority: normal Component: Package
Version: Keywords: Python vulnerability
Cc:

Description

When using the OSGEO4W installer, Python 3.12.4 is included with QGIS LTR 3.34.9

It has come to my attention that this version of Python is now vulnerable to CVE-2024-3219 and CVE-2024-6923.

Aparently fixes have been included with Python 3.12.5
Release Notes: ​https://docs.python.org/release/3.12.5/whatsnew/changelog.html#python-3-12-5
N.B. Python 3.12.5 was released Tuesday 6th August 2024: https://peps.python.org/pep-0693/#bugfix-releases

Please could you update the Python version so it is included with the next release of QGIS?

Change History (1)

comment:1 by jef, 2 months ago

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.