Debian has issued an advisory today (March 19):
The DSA will be posted here:
It may be fixed already in Cauldron, unless Debian also added a patch to 3.3.3.
Assigning to the registered maintainer.
Luc built an update for this and never said anything. Assigning to QA.
Updated R-base packages fix security vulnerability:
Cory Duplantis discovered a buffer overflow in the R programming language. A
malformed encoding file may lead to the execution of arbitrary code during PDF
Updated packages in core/updates_testing: