On 22 May 2018 at 23:38, Moritz Muehlenhoff wrote:
| Package: r-cran-haven
| Severity: normal
| Tags: security
|
| r-cran-haven embeds a copy of ReadStat for which two security issues have been
| reported:
|
| http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11364
| http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11365

Just to keep everybody in the loop, I contacted upstream for the actual library code (i.e. Evan, CC'ed, for ReadStat -- which is used in the R package haven for which this CVE came in) and he was / is aware. This really came from a set of Google auto-fuzzer reports.

Work is ongoing, but this may take a moment.

Cheers, Dirk

|
| Cheers,
| Moritz

--
http://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org