Hi Evan,

On 14 January 2019 at 19:03, Evan Miller wrote:
| Hi Dirk,
|
| You are correct - these are issues with the underlying C library, the GitHub issues you referenced. I have not researched them specifically, but I recently fixed two issues (#36 and #37) that are possibly related:
|
| https://github.com/evanmiller/libxls/issues/36
| https://github.com/evanmiller/libxls/issues/37
|
| I will look into #34 and #35 when I get a chance.

Thanks for the prompt follow-up. Please keep us posted and abreast of any progress.

Dirk

| Evan
|
| > On Jan 14, 2019, at 17:56, Dirk Eddelbuettel <e...@debian.org> wrote:
| >
| >
| > Hi Evan,
| >
| > On 14 January 2019 at 23:32, Moritz Muehlenhoff wrote:
| > | Package: r-cran-readxl
| > | Severity: important
| > | Tags: security
| > |
| > | These two libxls issues should affect r-cran-readxl:
| > | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20450
| > | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20452
| >
| > These are both file as #34 and #35 at your GitHub repo, but I did not see any

s/file/filed/ -- sorry

| > follow-up. I presume this is similar to the last time that the issue really
| > stems from the underlying C parser library? Any idea how long it may take
| > until we have a fix?
| >
| > Courtesy to Jenny who via readxl 'upstream' is the real maintainer for
| > the

s/Courtesy/Courtesy CC/ -- sorry

| > CRAN package I mostly just wrap up for Debian.
| >
| > Best, Dirk
| >
| > | Cheers,
| > | Moritz
| >
| > --
| > http://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org
|

--
http://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org