Opened 3 months ago

Closed 3 months ago

Last modified 3 months ago

#851 closed defect (fixed)

Python 3.12.5 vulnerable to CVE-2024-6232

Reported by: ascottwwf
Owned by: osgeo4w-dev@…
Priority: normal
Component: Package
Version:
Keywords: Python vulnerability, QGIS LTR
Cc:

Description

Python released v3.12.6 on 6th September 2024 which fixes CVE-2024-6232 (Medium Severity) and also updated the bundled OpenSSL version to 3.0.15 (to fix OpenSSL vulnerabilities).

We use the OSGeo installer to deploy QGIS LTR, therefore please can the bundled Python version be updated so it is included with the QGIS LTR install?

Change History (2)

comment:1 by jef, 3 months ago

Resolution: fixed
Status: new → closed

OSGeo4W is already at Python 3.12.6 and OpenSSL 3.0.15.

comment:2 by ascottwwf, 3 months ago, in reply to comment:1

Replying to jef:

OSGeo4W is already at Python 3.12.6 and OpenSSL 3.0.15.

Perfect, thanks jef. Please ignore my subsequent OpenSSL ticket (crossed in transit).
