Your message dated Mon, 14 Jan 2019 16:56:17 -0600 with message-id <[email protected]> has caused the report #919324, regarding CVE-2018-20450 CVE-2018-20452 to be marked as having been forwarded to the upstream software author(s) Evan Miller <[email protected]>
(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 919324: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919324 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Hi Evan, On 14 January 2019 at 23:32, Moritz Muehlenhoff wrote: | Package: r-cran-readxl | Severity: important | Tags: security | | These two libxls issues should affect r-cran-readxl: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20450 | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20452 These are both file as #34 and #35 at your GitHub repo, but I did not see any follow-up. I presume this is similar to the last time that the issue really stems from the underlying C parser library? Any idea how long it may take until we have a fix? Courtesy to Jenny who via readxl 'upstream' is the real maintainer for the CRAN package I mostly just wrap up for Debian. Best, Dirk | Cheers, | Moritz -- http://dirk.eddelbuettel.com | @eddelbuettel | [email protected]
--- End Message ---
