Bug 20524 - R-base new security issue CVE-2016-8714
Summary: R-base new security issue CVE-2016-8714
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-03-19 16:10 CET by David Walser
Modified: 2017-07-09 02:09 CEST

See Also:
Source RPM: R-base-3.1.2-2.mga5.src.rpm
CVE:
Status comment:



Description David Walser 2017-03-19 16:10:47 CET
Debian has issued an advisory today (March 19):
https://lists.debian.org/debian-security-announce/2017/msg00068.html

The DSA will be posted here:
https://www.debian.org/security/2017/dsa-3813

It may be fixed already in Cauldron, unless Debian also added a patch to 3.3.3.

Comment 1 Marja van Waes 2017-03-19 17:19:25 CET
Assigning to the registered maintainer.

Comment 2 David Walser 2017-07-09 02:09:57 CEST
Luc built an update for this and never said anything.  Assigning to QA.

Advisory:
========================

Updated R-base packages fix security vulnerability:

Cory Duplantis discovered a buffer overflow in the R programming language. A
malformed encoding file may lead to the execution of arbitrary code during PDF
generation (CVE-2016-8714).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8714
https://www.debian.org/security/2017/dsa-3813
========================

Updated packages in core/updates_testing:
========================
R-base-3.1.2-2.1.mga5
libRmath-3.1.2-2.1.mga5
libRmath-devel-3.1.2-2.1.mga5

from R-base-3.1.2-2.1.mga5.src.rpm
