Your message dated Wed, 24 Sep 2025 21:37:14 +0000
with message-id <[email protected]>
and subject line Bug#1110481: fixed in r-cran-gh 1.5.0-1
has caused the Debian Bug report #1110481,
regarding r-cran-gh: CVE-2025-54956
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1110481: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110481
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: r-cran-gh
Version: 1.4.1-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/r-lib/gh/issues/222
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for r-cran-gh.

CVE-2025-54956[0]:
| The gh package before 1.5.0 for R delivers an HTTP response in a
| data structure that includes the Authorization header from the
| corresponding HTTP request.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-54956
    https://www.cve.org/CVERecord?id=CVE-2025-54956
[1] https://github.com/r-lib/gh/issues/222
[2] https://github.com/r-lib/gh/commit/b575d488c71318449cc6c8c989c617db29275848

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: r-cran-gh
Source-Version: 1.5.0-1
Done: Rebecca N. Palmer <[email protected]>

We believe that the bug you reported is fixed in the latest version of
r-cran-gh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rebecca N. Palmer <[email protected]> (supplier of updated r-cran-gh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 23 Sep 2025 17:28:35 +0100
Source: r-cran-gh
Architecture: source
Version: 1.5.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian R Packages Maintainers <[email protected]>
Changed-By: Rebecca N. Palmer <[email protected]>
Closes: 1110481
Changes:
 r-cran-gh (1.5.0-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version (Closes: #1110481)
   * Standards-Version: 4.7.2 (no changes needed)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---