[R-pkg-team] Bug#922607: r-other-x4r: embeds code copy of gsoap

Emilio Pozuelo Monfort pochu at debian.org
Mon Feb 18 11:20:19 GMT 2019


Package: r-other-x4r
Version: 1.0.1+git20150806.c6bd9bd-1
Severity: important
Tags: security

Hi,

While investigating CVE-2019-7659/gsoap, I noticed that your package embeds a
code copy of gsoap, which is compiled and linked into your package. It would
be good if you used the separate src:gsoap package, so that security issues
in gsoap don't need to be addressed separately in your package.

Thanks,
Emilio



More information about the R-pkg-team mailing list