Summary: | <dev-lang/R-4.0.4: code execution via malicious CRAN package (CVE-2020-27637) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | | |
Severity: | normal | CC: | gentoo, mjo, sci-mathematics, strogdon |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://labs.bishopfox.com/advisories/cran-version-4.0.2 | | |
Whiteboard: | B2 [glsa+] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | | | |
Bug Blocks: | 776781 | | |
Description
John Helmert III
2021-01-13 22:40:37 UTC
Beat me to it:

commit ce6e78601bb5c33852051754f575272a05ef9c5c
Author: Mikle Kolyada <zlogene@gentoo.org>
Date: Fri Mar 5 15:55:15 2021 +0300

    dev-lang/R: Version bump (v4.0.4)

    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>

Please proceed with stabilization when ready.

Let's get it stabilized... the existing stable ebuild has gcc-10 problems anyway.

amd64 stable

x86 done

arm64 done

sparc stable

Please cleanup, thanks!

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=92d5e5c89778eb7ce15420c71a3f7abd0bdf6b7e

commit 92d5e5c89778eb7ce15420c71a3f7abd0bdf6b7e
Author: David Seifert <soap@gentoo.org>
AuthorDate: 2021-04-20 11:06:05 +0000
Commit: David Seifert <soap@gentoo.org>
CommitDate: 2021-04-20 11:06:05 +0000

    dev-lang/R: Remove old 3.4.1, 3.6.3-r1, 4.0.2

    Bug: https://bugs.gentoo.org/765361
    Closes: https://bugs.gentoo.org/776781
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: David Seifert <soap@gentoo.org>

 dev-lang/R/Manifest | 3 -
 dev-lang/R/R-3.4.1.ebuild | 203 ------------------------------------
 dev-lang/R/R-3.6.3-r1.ebuild | 234 -----------------------------------------
 dev-lang/R/R-4.0.2.ebuild | 243 -------------------------------------------
 4 files changed, 683 deletions(-)

Thank you!

Package list is empty or all packages have requested keywords.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=6de45d78fb7f4cf3386f767a9e6b4d48cc85ce88

commit 6de45d78fb7f4cf3386f767a9e6b4d48cc85ce88
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-06 09:03:55 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-06 09:04:19 +0000

    [ GLSA 202401-07 ] R: Directory Traversal

    Bug: https://bugs.gentoo.org/765361
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-07.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)