[Rd] Patches for CVE-2024-27322

peter dalgaard pdalgd sending from gmail.com
Tue Apr 30 11:59:05 CEST 2024


svn diff -c 86235 ~/r-devel/R

(or 86238 for the port to the release branch) should be easily backported.

(CC Luke in case there is more to it)

- pd

> On 30 Apr 2024, at 11:28 , Iñaki Ucar <iucar using fedoraproject.org> wrote:
> 
> Dear R-core,
> 
> I just received notification of CVE-2024-27322 [1] in RedHat's Bugzilla. We
> updated R to v4.4.0 in Fedora rawhide, F40, EPEL9 and EPEL8, so no problem
> there. However, F38 and F39 will stay at v4.3.3, and I was wondering if
> there's a specific patch available, or if you could point me to the commits
> that fixed the issue, so that we can cherry-pick them for F38 and F39.
> Thanks.
> 
> [1] https://nvd.nist.gov/vuln/detail/CVE-2024-27322
> 
> Best,
> -- 
> Iñaki Úcar

-- 
Peter Dalgaard, Professor,
Center for Statistics, Copenhagen Business School
Solbjerg Plads 3, 2000 Frederiksberg, Denmark
Phone: (+45)38153501
Office: A 4.23
Email: pd.mes using cbs.dk  Priv: PDalgd using gmail.com


