Debian has issued an advisory today (March 19):
The DSA will be posted here:
It may be fixed already in Cauldron, unless Debian also added a patch to 3.3.3.
Assigning to the registered maintainer.
Luc built an update for this and never said anything. Assigning to QA.
Updated R-base packages fix security vulnerability:
Cory Duplantis discovered a buffer overflow in the R programming language. A
malformed encoding file may lead to the execution of arbitrary code during PDF
Updated packages in core/updates_testing:
mga5 x86_64 Mate
Had a look at the introduction and R-lang manuals downloaded from
and decided that it required too much time to learn to use.
Installed R and set up a work directory.
Just typing R brings up a command line prompt for interrogating the system or writing code statements.
$ cd work
Help is extensive and demo outlines the demonstration programs available.
help.start() launches a web page with comprehensive links and following
"packages" lists the packages in the standard library, all concerned with statistical analysis. Other links cover the same ground as the PDF manuals.
Installed the updates and checked out the interfaces as above and tried out
the sample session from Appendix A of the manual. See the attachment for a partial sample interactive session.
That all went well and as there is not much else we can do with this it gets the OK.
Created attachment 9543 [details]
Extract from the sample session inthe R manual
Since R is a GNU project there should be no copyright issues, I hope.
Advisory uploaded, validating.
An update for this issue has been pushed to the Mageia Updates repository.