Your message dated Mon, 14 Jan 2019 16:56:17 -0600 with message-id <23613.5009.916366.709...@rob.eddelbuettel.com> has caused the report #919324, regarding CVE-2018-20450 CVE-2018-20452 to be marked as having been forwarded to the upstream software author(s) Evan Miller <emmil...@gmail.com>
(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
919324: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919324
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Hi Evan,

On 14 January 2019 at 23:32, Moritz Muehlenhoff wrote:
| Package: r-cran-readxl
| Severity: important
| Tags: security
|
| These two libxls issues should affect r-cran-readxl:
| http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20450
| http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20452

These are both filed as #34 and #35 at your GitHub repo, but I did not see any follow-up. I presume this is similar to the last time that the issue really stems from the underlying C parser library?

Any idea how long it may take until we have a fix?

Courtesy to Jenny who via readxl 'upstream' is the real maintainer for the CRAN package I mostly just wrap up for Debian.

Best, Dirk

| Cheers,
| Moritz

--
http://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org
--- End Message ---