[R-pkg-team] About CVE-2025-54956 in r-cran-gh
Yang Wang
yang.wang at windriver.com
Wed Aug 13 18:03:42 BST 2025
On 2025-08-13 10:25, Yang Wang wrote:
>
> On 2025-08-13 03:15, Charles Plessy wrote:
>> CAUTION: This email comes from a non Wind River email account!
>> Do not click links or open attachments unless you recognize the
>> sender and know the content is safe.
>>
>> Le Tue, Aug 12, 2025 at 04:10:34PM -0400, Yang Wang a écrit :
>>> https://security-tracker.debian.org/tracker/CVE-2025-54956
>>>
>>> Do you think this important CVE issue is worth fixing in Trixie/Sid?
>>> And if
>>> yes, would you merge it if I provide a patch?
>> Hi Yang,
>>
>> yes, a patch would be very welcome. For Sid we can just upgrade to
>> the next
>> upstream version, but at this early point of the release cycle, maybe
>> we could first upload a patched version to Sid in order to test if it
>> breaks things (as the upstream authors suggest it might do).
>>
>> Have a nice day and thanks for your help !
>
> OK, thanks, I'm going to work on the patch, will let you know the
> progress.
I apologize that I just got a higher priority task assigned, I may have
to come back to this work later. I will let you know when possible.
Sorry about that.
Regards,
-Yang
>
> Thanks,
> -Yang
>
>>
>> Charles
>>
>> --
>> Charles Plessy Nagahama, Yomitan, Okinawa, Japan
>> Debian Med packaging team http://www.debian.org/devel/debian-med
>> Tooting from home https://framapiaf.org/@charles_plessy
>> - You do not have my permission to use this email to train an AI -
More information about the R-pkg-team
mailing list