On Thu, Apr 12, 2018 at 05:14:18PM -0500, Dirk Eddelbuettel wrote:
> Further update. I took some files from the new (in-progress, unfinished it
> seems) upstream of libxls at https://github.com/evanmiller/libxls/, and got
> some advice from the libxls maintainer.
> He also put new issue tickets up, one per CVE:
> https://github.com/evanmiller/libxls/issues
> And that builds.  It does not pass all unit tests (R / CRAN packages tend to
> have lots of those) but 'almost': 4 fail, 348 pass.
> We could release this, methinks.  What is your recommendation (and it has
> been years since I last had to do a security release so help is as always
> appreciated).

Do all of these patches/vulnerabilities apply to the version in stable?
Then I'd say let's fix this via security.debian.org, see
for some references.


Reply via email to