[Rd] [External] Re: Patches for CVE-2024-27322

Tierney, Luke |uke-t|erney @end|ng |rom u|ow@@edu
Tue Apr 30 17:14:02 CEST 2024


That should do it

Sent from my iPad

On Apr 30, 2024, at 9:57 AM, Iñaki Ucar <iucar using fedoraproject.org> wrote:


Many thanks both. I'll wait for Luke's confirmation to trigger the update with the backported fix.

Iñaki

On Tue, 30 Apr 2024 at 12:42, Dirk Eddelbuettel <edd using debian.org<mailto:edd using debian.org>> wrote:

On 30 April 2024 at 11:59, peter dalgaard wrote:
| svn diff -c 86235 ~/r-devel/R

Which is also available as
  https://github.com/r-devel/r-svn/commit/f7c46500f455eb4edfc3656c3fa20af61b16abb7

Dirk

| (or 86238 for the port to the release branch) should be easily backported.
|
| (CC Luke in case there is more to it)
|
| - pd
|
| > On 30 Apr 2024, at 11:28 , Iñaki Ucar <iucar using fedoraproject.org<mailto:iucar using fedoraproject.org>> wrote:
| >
| > Dear R-core,
| >
| > I just received notification of CVE-2024-27322 [1] in RedHat's Bugzilla. We
| > updated R to v4.4.0 in Fedora rawhide, F40, EPEL9 and EPEL8, so no problem
| > there. However, F38 and F39 will stay at v4.3.3, and I was wondering if
| > there's a specific patch available, or if you could point me to the commits
| > that fixed the issue, so that we can cherry-pick them for F38 and F39.
| > Thanks.
| >
| > [1] https://nvd.nist.gov/vuln/detail/CVE-2024-27322
| >
| > Best,
| > --
| > Iñaki Úcar
| >
| >     [[alternative HTML version deleted]]
| >
| > ______________________________________________
| > R-devel using r-project.org<mailto:R-devel using r-project.org> mailing list
| > https://stat.ethz.ch/mailman/listinfo/r-devel
|
| --
| Peter Dalgaard, Professor,
| Center for Statistics, Copenhagen Business School
| Solbjerg Plads 3, 2000 Frederiksberg, Denmark
| Phone: (+45)38153501
| Office: A 4.23
| Email: pd.mes using cbs.dk<mailto:pd.mes using cbs.dk>  Priv: PDalgd using gmail.com<mailto:PDalgd using gmail.com>
|
| ______________________________________________
| R-devel using r-project.org<mailto:R-devel using r-project.org> mailing list
| https://stat.ethz.ch/mailman/listinfo/r-devel

--
dirk.eddelbuettel.com<http://dirk.eddelbuettel.com/> | @eddelbuettel | edd using debian.org<mailto:edd using debian.org>


--
Iñaki Úcar

	[[alternative HTML version deleted]]



More information about the R-devel mailing list