UBUNTU-CVE-2024-39689
- Source
- https://ubuntu.com/security/CVE-2024-39689
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-39689.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-39689
- Upstream
- Published
- 2024-07-05T19:15:00Z
- Modified
- 2025-09-08T17:01:41Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Ubuntu - negligible
- Summary
- [none]
- Details
-
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from
GLOBALTRUST. Certifi 2024.7.04 removes root certificates fromGLOBALTRUSTfrom the root store. These are in the process of being removed from Mozilla's trust store.GLOBALTRUST's root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues." - References
Affected packages
Ubuntu:Pro:14.04:LTS / python-pip
Package
- Name
- python-pip
- Purl
- pkg:deb/ubuntu/python-pip@1.5.4-1ubuntu4+esm5?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.4.1-2
1.5.4-1
1.5.4-1ubuntu1
1.5.4-1ubuntu3
1.5.4-1ubuntu4
1.5.4-1ubuntu4+esm1
1.5.4-1ubuntu4+esm2
1.5.4-1ubuntu4+esm3
1.5.4-1ubuntu4+esm4
1.5.4-1ubuntu4+esm5
Ecosystem specific
{
"priority_reason": "Use of bundled CA certificates is patched out in Ubuntu",
"binaries": [
{
"binary_name": "python-pip",
"binary_version": "1.5.4-1ubuntu4+esm5"
},
{
"binary_name": "python-pip-whl",
"binary_version": "1.5.4-1ubuntu4+esm5"
},
{
"binary_name": "python3-pip",
"binary_version": "1.5.4-1ubuntu4+esm5"
}
]
}
Ubuntu:Pro:16.04:LTS / python-certifi
Package
- Name
- python-certifi
- Purl
- pkg:deb/ubuntu/python-certifi@2015.11.20.1-2?arch=source&distro=esm-apps/xenial
Ubuntu:Pro:16.04:LTS / python-pip
Package
- Name
- python-pip
- Purl
- pkg:deb/ubuntu/python-pip@8.1.1-2ubuntu0.6+esm11?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.5.6-7ubuntu1
1.5.6-7ubuntu2
8.*
8.0.2-7
8.0.3-1
8.0.3-2
8.1.0-1
8.1.0-2
8.1.1-1
8.1.1-2
8.1.1-2ubuntu0.1
8.1.1-2ubuntu0.2
8.1.1-2ubuntu0.4
8.1.1-2ubuntu0.6
8.1.1-2ubuntu0.6+esm2
8.1.1-2ubuntu0.6+esm3
8.1.1-2ubuntu0.6+esm4
8.1.1-2ubuntu0.6+esm5
8.1.1-2ubuntu0.6+esm6
8.1.1-2ubuntu0.6+esm8
8.1.1-2ubuntu0.6+esm10
8.1.1-2ubuntu0.6+esm11
Ecosystem specific
{
"priority_reason": "Use of bundled CA certificates is patched out in Ubuntu",
"binaries": [
{
"binary_name": "python-pip",
"binary_version": "8.1.1-2ubuntu0.6+esm11"
},
{
"binary_name": "python-pip-whl",
"binary_version": "8.1.1-2ubuntu0.6+esm11"
},
{
"binary_name": "python3-pip",
"binary_version": "8.1.1-2ubuntu0.6+esm11"
}
]
}
Ubuntu:Pro:18.04:LTS / python-certifi
Package
- Name
- python-certifi
- Purl
- pkg:deb/ubuntu/python-certifi@2018.1.18-2?arch=source&distro=esm-infra/bionic
Ubuntu:Pro:18.04:LTS / python-pip
Package
- Name
- python-pip
- Purl
- pkg:deb/ubuntu/python-pip@9.0.1-2.3~ubuntu1.18.04.8+esm7?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
9.*
9.0.1-2
9.0.1-2.3~ubuntu1
9.0.1-2.3~ubuntu1.18.04.1
9.0.1-2.3~ubuntu1.18.04.2
9.0.1-2.3~ubuntu1.18.04.3
9.0.1-2.3~ubuntu1.18.04.4
9.0.1-2.3~ubuntu1.18.04.5
9.0.1-2.3~ubuntu1.18.04.5+esm2
9.0.1-2.3~ubuntu1.18.04.5+esm3
9.0.1-2.3~ubuntu1.18.04.6
9.0.1-2.3~ubuntu1.18.04.6+esm1
9.0.1-2.3~ubuntu1.18.04.7
9.0.1-2.3~ubuntu1.18.04.7+esm1
9.0.1-2.3~ubuntu1.18.04.8
9.0.1-2.3~ubuntu1.18.04.8+esm1
9.0.1-2.3~ubuntu1.18.04.8+esm2
9.0.1-2.3~ubuntu1.18.04.8+esm4
9.0.1-2.3~ubuntu1.18.04.8+esm6
9.0.1-2.3~ubuntu1.18.04.8+esm7
Ecosystem specific
{
"priority_reason": "Use of bundled CA certificates is patched out in Ubuntu",
"binaries": [
{
"binary_name": "python-pip",
"binary_version": "9.0.1-2.3~ubuntu1.18.04.8+esm7"
},
{
"binary_name": "python-pip-whl",
"binary_version": "9.0.1-2.3~ubuntu1.18.04.8+esm7"
},
{
"binary_name": "python3-pip",
"binary_version": "9.0.1-2.3~ubuntu1.18.04.8+esm7"
}
]
}
Ubuntu:Pro:20.04:LTS / python-certifi
Package
- Name
- python-certifi
- Purl
- pkg:deb/ubuntu/python-certifi@2019.11.28-1?arch=source&distro=esm-infra/focal
Ubuntu:Pro:20.04:LTS / python-pip
Package
- Name
- python-pip
- Purl
- pkg:deb/ubuntu/python-pip@20.0.2-5ubuntu1.11+esm3?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
18.*
18.1-5
18.1-5build1
18.1-5ubuntu1
20.*
20.0.2-2
20.0.2-4
20.0.2-5
20.0.2-5ubuntu1
20.0.2-5ubuntu1.1
20.0.2-5ubuntu1.3
20.0.2-5ubuntu1.4
20.0.2-5ubuntu1.5
20.0.2-5ubuntu1.6
20.0.2-5ubuntu1.7
20.0.2-5ubuntu1.8
20.0.2-5ubuntu1.9
20.0.2-5ubuntu1.10
20.0.2-5ubuntu1.10+esm2
20.0.2-5ubuntu1.11
20.0.2-5ubuntu1.11+esm2
20.0.2-5ubuntu1.11+esm3
Ubuntu:22.04:LTS / python-certifi
Package
- Name
- python-certifi
- Purl
- pkg:deb/ubuntu/python-certifi@2020.6.20-1?arch=source&distro=jammy
Ubuntu:22.04:LTS / python-pip
Package
- Name
- python-pip
- Purl
- pkg:deb/ubuntu/python-pip@22.0.2+dfsg-1ubuntu0.6?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:24.04:LTS / python-certifi
Package
- Name
- python-certifi
- Purl
- pkg:deb/ubuntu/python-certifi@2023.11.17-1?arch=source&distro=noble
Ubuntu:24.04:LTS / python-pip
Package
- Name
- python-pip
- Purl
- pkg:deb/ubuntu/python-pip@24.0+dfsg-1ubuntu1.2?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected