On 23 May 2018 at 20:44, Dirk Eddelbuettel wrote: | | On 22 May 2018 at 23:38, Moritz Muehlenhoff wrote: | | Package: r-cran-haven | | Severity: normal | | Tags: security | | | | r-cran-haven embeds a copy of ReadStat for which two security issues have been | | reported: | | | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11364 | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11365 | | Just to keep everybody in the loop, I contact upstream for the actual library | code (ie Evan, CC'ed, for ReadStat -- which is used in the R package haven | for which this CVE came in) and he was / is aware. This really came from a | set of Google auto-fuzzer reports. | | Work is ongoing, but this may take a moment.
Just uploaded r-cran-haven_1.1.1-2 to unstable right now. Moritz: The r-cran-haven package is not in stable. So ... are we done with this then via unstable + testing? Dirk -- http://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org
