[R-pkg-team] About CVE-2025-54956 in r-cran-gh
Yang Wang
yang.wang at windriver.com
Wed Aug 13 15:25:56 BST 2025
On 2025-08-13 03:15, Charles Plessy wrote:
> CAUTION: This email comes from a non Wind River email account!
> Do not click links or open attachments unless you recognize the sender and know the content is safe.
>
> Le Tue, Aug 12, 2025 at 04:10:34PM -0400, Yang Wang a écrit :
>> https://security-tracker.debian.org/tracker/CVE-2025-54956
>>
>> Do you think this important CVE issue is worth fixing in Trixie/Sid? And if
>> yes, would you merge it if I provide a patch?
> Hi Yang,
>
> yes, a patch would be very welcome. For Sid we can just upgrade to the next
> upstream version, but at this early point of the release cycle, maybe
> we could first upload a patched version to Sid in order to test if it
> breaks things (as the upstream authors suggest it might do).
>
> Have a nice day and thanks for your help !
OK, thanks, I'm going to work on the patch, will let you know the progress.
Thanks,
-Yang
>
> Charles
>
> --
> Charles Plessy Nagahama, Yomitan, Okinawa, Japan
> Debian Med packaging team http://www.debian.org/devel/debian-med
> Tooting from home https://framapiaf.org/@charles_plessy
> - You do not have my permission to use this email to train an AI -
More information about the R-pkg-team
mailing list