Your message dated Mon, 30 Apr 2018 23:54:17 +0200 with message-id <[email protected]> and subject line Re: Bug#897254: CVE-2018-9060 has caused the Debian Bug report #897254, regarding CVE-2018-9060 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 897254: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897254 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Source: r-base Severity: grave Tags: security Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9060 I'm not sure whether this has been properly reported to the upstream developers. The timeline of the Github link above mentions 03-27-18: Emailed author, no response 04-03-18: Emailed author, no response 04-10-18: Emailed author, no response 04-23-18: New version released; Submitted public disclosure but it's not obvious who they contacted. Cheers, Moritz
--- End Message ---
--- Begin Message ---Hi Dirk, On Mon, Apr 30, 2018 at 04:33:48PM -0500, Dirk Eddelbuettel wrote: > There is no GUI in R on > Linux (there used to be a Gnome1/Gtk one a loooong time ago). Ah, ok. I wasn't aware of that. Even if we'd build some kind of GUI, tricking a user into manually pasting an overly long string into a specific input box is quite a stretch for labelling a bug a security issue.... I'll simply go ahead and close this, then. Thanks for the quick followup. Cheers, Moritz
--- End Message ---
