#851 closed defect (fixed)
Python 3.12.5 vulnerable to CVE-2024-6232
Reported by: | ascottwwf | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | Package |
Version: | Keywords: | Python vulnerability, QGIS LTR | |
Cc: |
Description
Python released v3.12.6 on 6th September 2024 which fixes CVE-2024-6232 (Medium Severity) and also updated the bundled OpenSSL version to 3.0.15 (to fix OpenSSL vulnerabilities).
We use the OSGeo installer to deploy QGIS LTR, therefore please can the bundled Python version be updated so it is included with the QGIS LTR install?
Change History (2)
follow-up: 2 comment:1 by , 3 months ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:2 by , 3 months ago
Replying to jef:
OSGeo4W is already at Python 3.12.6 and OpenSSL 3.0.15.
Perfect thanks jef Please ignore my subsequent OpenSSL ticket (crossed in transit)
Note:
See TracTickets
for help on using tickets.
OSGeo4W is already at Python 3.12.6 and OpenSSL 3.0.15.