On Wed, Jun 06, 2018 at 09:28:06PM -0500, Dirk Eddelbuettel wrote:
>
> On 23 May 2018 at 20:44, Dirk Eddelbuettel wrote:
> |
> | On 22 May 2018 at 23:38, Moritz Muehlenhoff wrote:
> | | Package: r-cran-haven
> | | Severity: normal
> | | Tags: security
> | |
> | | r-cran-haven embeds a copy of ReadStat for which two security issues have
> been
> | | reported:
> | |
> | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11364
> | | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11365
> |
> | Just to keep everybody in the loop, I contact upstream for the actual
> library
> | code (ie Evan, CC'ed, for ReadStat -- which is used in the R package haven
> | for which this CVE came in) and he was / is aware. This really came from a
> | set of Google auto-fuzzer reports.
> |
> | Work is ongoing, but this may take a moment.
>
> Just uploaded r-cran-haven_1.1.1-2 to unstable right now.
>
> Moritz: The r-cran-haven package is not in stable. So ... are we done with
> this then via unstable + testing?
Yep, all good now :-)
Cheers,
Moritz
