Patches for CVE-2024-27322
On 30 April 2024 at 11:59, peter dalgaard wrote:
| svn diff -c 86235 ~/r-devel/R Which is also available as https://github.com/r-devel/r-svn/commit/f7c46500f455eb4edfc3656c3fa20af61b16abb7 Dirk | (or 86238 for the port to the release branch) should be easily backported. | | (CC Luke in case there is more to it) | | - pd |
| > On 30 Apr 2024, at 11:28 , I?aki Ucar <iucar at fedoraproject.org> wrote:
| > | > Dear R-core, | > | > I just received notification of CVE-2024-27322 [1] in RedHat's Bugzilla. We | > updated R to v4.4.0 in Fedora rawhide, F40, EPEL9 and EPEL8, so no problem | > there. However, F38 and F39 will stay at v4.3.3, and I was wondering if | > there's a specific patch available, or if you could point me to the commits | > that fixed the issue, so that we can cherry-pick them for F38 and F39. | > Thanks. | > | > [1] https://nvd.nist.gov/vuln/detail/CVE-2024-27322 | > | > Best, | > -- | > I?aki ?car | > | > [[alternative HTML version deleted]] | > | > ______________________________________________ | > R-devel at r-project.org mailing list | > https://stat.ethz.ch/mailman/listinfo/r-devel | | -- | Peter Dalgaard, Professor, | Center for Statistics, Copenhagen Business School | Solbjerg Plads 3, 2000 Frederiksberg, Denmark | Phone: (+45)38153501 | Office: A 4.23 | Email: pd.mes at cbs.dk Priv: PDalgd at gmail.com | | ______________________________________________ | R-devel at r-project.org mailing list | https://stat.ethz.ch/mailman/listinfo/r-devel
dirk.eddelbuettel.com | @eddelbuettel | edd at debian.org