Release Info

Advisory: CLSA-2025:1764843244

OS: Debian 13

Public date: 2025-12-04 10:14:07.060283

Project: python

Version: 3.8.20-4

Errata link: https://errata.tuxcare.com/els_alt_python/debian13/CLSA-2025-1764843244.html

Changelog

* SECURITY UPDATE: Command injection vulnerability in venv module activation scripts when virtual environment paths contain special shell characters - debian/patches/CVE-2024-9287.patch: Properly quote template strings in venv activation scripts

Update

Update command: apt-get update apt-get --only-upgrade install alt-python*

Packages list

alt-python38_3.8.20-4_amd64.deb alt-python38-debug_3.8.20-4_amd64.deb alt-python38-devel_3.8.20-4_amd64.deb alt-python38-idle_3.8.20-4_amd64.deb alt-python38-libs_3.8.20-4_amd64.deb alt-python38-test_3.8.20-4_amd64.deb alt-python38-tkinter_3.8.20-4_amd64.deb

CVEs

CVE-2024-9287