[R-pkg-team] Bug#922607: r-other-x4r: embeds code copy of gsoap
Emilio Pozuelo Monfort
pochu at debian.org
Mon Feb 18 11:20:19 GMT 2019
Package: r-other-x4r
Version: 1.0.1+git20150806.c6bd9bd-1
Severity: important
Tags: security
Hi,
While investigating CVE-2019-7659/gsoap, I noticed that your package embeds a
code copy of gsoap, which is compiled and linked into your package. It would
be good if you used the separate src:gsoap package, so that security issues
in gsoap don't need to be addressed separately in your package.
Thanks,
Emilio
More information about the R-pkg-team
mailing list