Release Info

Advisory: CLSA-2025:1764843464

OS: Debian 12

Public date: 2025-12-04 10:17:46.412483

Project: python

Version: 3.8.20-4

Errata link: https://errata.tuxcare.com/els_alt_python/debian12/CLSA-2025-1764843464.html

Changelog

* SECURITY UPDATE: Command injection vulnerability in venv module activation scripts when virtual environment paths contain special shell characters - debian/patches/CVE-2024-9287.patch: Properly quote template strings in venv activation scripts

Update

Update command: apt-get update apt-get --only-upgrade install alt-python*

Packages list

alt-python38_3.8.20-4_amd64.deb alt-python38-debug_3.8.20-4_amd64.deb alt-python38-devel_3.8.20-4_amd64.deb alt-python38-idle_3.8.20-4_amd64.deb alt-python38-libs_3.8.20-4_amd64.deb alt-python38-test_3.8.20-4_amd64.deb alt-python38-tkinter_3.8.20-4_amd64.deb

CVEs

CVE-2024-9287