Debian has issued an advisory today (March 19):
https://lists.debian.org/debian-security-announce/2017/msg00068.html
The DSA will be posted here:
https://www.debian.org/security/2017/dsa-3813
It may be fixed already in Cauldron, unless Debian also added a patch to 3.3.3.
Assigning to the registered maintainer.
CC: (none) => marja11
Assignee: bugsquad => lmenut
Luc built an update for this and never said anything. Assigning to QA.
Advisory:
========================
Updated R-base packages fix security vulnerability:
Cory Duplantis discovered a buffer overflow in the R programming language. A malformed encoding file may lead to the execution of arbitrary code during PDF generation (CVE-2016-8714).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8714
https://www.debian.org/security/2017/dsa-3813
========================
Updated packages in core/updates_testing:
========================
R-base-3.1.2-2.1.mga5
libRmath-3.1.2-2.1.mga5
libRmath-devel-3.1.2-2.1.mga5
from R-base-3.1.2-2.1.mga5.src.rpm
Assignee: lmenut => qa-bugs
CC: (none) => lmenut
mga5 x86_64 Mate
Had a look at the introduction and R-lang manuals downloaded from https://www.r-project.org/about.html and decided that it required too much time to learn to use.
Installed R and set up a work directory. Just typing R brings up a command line prompt for interrogating the system or writing code statements.
$ cd work
$ R
> help()
q
> demo()
q
> help.start()
> q()
$
Help is extensive and demo outlines the demonstration programs available. help.start() launches a web page with comprehensive links and following "packages" lists the packages in the standard library, all concerned with statistical analysis. Other links cover the same ground as the PDF manuals.
Installed the updates and checked out the interfaces as above and tried out the sample session from Appendix A of the manual. See the attachment for a partial sample interactive session. That all went well and as there is not much else we can do with this it gets the OK.
CC: (none) => tarazed25
Created attachment 9543
Extract from the sample session in the R manual
Since R is a GNU project there should be no copyright issues, I hope.
Whiteboard: (none) => MGA5-64-OK
Advisory uploaded, validating.
Keywords: (none) => validated_update
Whiteboard: MGA5-64-OK => advisory MGA5-64-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0236.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED