similar to: Regarding the Security Vulnerability CVE 2024 - 27322

Dear Aishwarya Priyadarshini, Welcome to R-help! Most people here aren't affiliated with R Foundation. ? Wed, 26 Jun 2024 17:03:37 +0000 "Priya, Aishwarya via R-help" <r-help at r-project.org> ?????: > I am reaching out to seek your guidance on addressing the security > vulnerability CVE-2024-27322. > To address this issue effectively, it appears that we need to

Hi Ivan and R - Help Team, Thank you for your prompt response and the helpful information. I have another query: Is there a way to patch or upgrade the existing installation to version 4.4.0, rather than having to uninstall the older version and then install the latest one? A direct upgrade or patch would greatly simplify the process and reduce downtime. Your guidance on this matter would be

Dear R-core, I just received notification of CVE-2024-27322 [1] in RedHat's Bugzilla. We updated R to v4.4.0 in Fedora rawhide, F40, EPEL9 and EPEL8, so no problem there. However, F38 and F39 will stay at v4.3.3, and I was wondering if there's a specific patch available, or if you could point me to the commits that fixed the issue, so that we can cherry-pick them for F38 and F39. Thanks.

svn diff -c 86235 ~/r-devel/R (or 86238 for the port to the release branch) should be easily backported. (CC Luke in case there is more to it) - pd > On 30 Apr 2024, at 11:28 , I?aki Ucar <iucar at fedoraproject.org> wrote: > > Dear R-core, > > I just received notification of CVE-2024-27322 [1] in RedHat's Bugzilla. We > updated R to v4.4.0 in Fedora rawhide, F40,

On 30 April 2024 at 11:59, peter dalgaard wrote: | svn diff -c 86235 ~/r-devel/R Which is also available as https://github.com/r-devel/r-svn/commit/f7c46500f455eb4edfc3656c3fa20af61b16abb7 Dirk | (or 86238 for the port to the release branch) should be easily backported. | | (CC Luke in case there is more to it) | | - pd | | > On 30 Apr 2024, at 11:28 , I?aki Ucar <iucar at

Many thanks both. I'll wait for Luke's confirmation to trigger the update with the backported fix. I?aki On Tue, 30 Apr 2024 at 12:42, Dirk Eddelbuettel <edd at debian.org> wrote: > > On 30 April 2024 at 11:59, peter dalgaard wrote: > | svn diff -c 86235 ~/r-devel/R > > Which is also available as > >

All, There seems to be a hullaboo about a vulnerability in R when deserializing untrusted data: https://hiddenlayer.com/research/r-bitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2024-27322 https://www.kb.cert.org/vuls/id/238194 Apparently a fix was made for R 4.4.0, but I see no mention of it in the changes report: https://cloud.r-project.org/bin/windows/base/NEWS.R-4.4.0.html

On Mon, 13 May 2024 09:54:27 -0500 (CDT) luke-tierney--- via R-devel <r-devel at r-project.org> wrote: > Looks like I added that warning 22 years ago, so that should be enough > notice :-). I'll look into removing it now. Dear Luke, I've got a somewhat niche use case: as a way of protecting myself against rogue *.rds files and vulnerabilities in the C code, I've been

On Sat, 11 May 2024, Peter Langfelder wrote: > On Sat, May 11, 2024 at 9:34?AM luke-tierney--- via R-devel > <r-devel at r-project.org> wrote: >> >> On Sat, 11 May 2024, Travers Ching wrote: >> >>> The following code snippet causes R to hang. This example might be a >>> bit contrived as I was experimenting and trying to understand >>>

Slightly off topic, but maybe some can suggest something off list... Trying to upgrade a 7960 that was running skinny. I've got sip v3.2.0 installed and running, and am able to place calls via *, etc. However, when upgrading to v4.4.0 I can never get to the point of being able to place a call (eg, no dialtone, etc). I can ping the phone, look at the Network Config, etc, but I can't

On Thu, Apr 25, 2024 at 4:24?AM Ivan Krylov via R-devel <r-devel at r-project.org> wrote: > > On Wed, 24 Apr 2024 15:31:39 -0500 (CDT) > luke-tierney--- via R-devel <r-devel at r-project.org> wrote: > > > We would be better off (in my view, not necessarily shared by others > > in R-core) if we could get to a point where: > > > > all entry points

A few days ago I demoted my first DC (a v4.2.14, I think) and thought the demote had gone well. Now, when I run "samba-tool dnsupdate --verbose" I can see references to the first DC that remain. Unfortunately, that DC no longer exists so I simply cannot demote it again. Following the instructions on the "Demote a Samba AD DC" page "Verifying The Demotion" section, I

? Tue, 16 Jan 2024 14:16:19 -0500 Dipterix Wang <dipterix.wang at gmail.com> ?????: > Could you recommend any packages/functions that compute hash such > that the source references and sexpinfo_struct are ignored? Basically > a version of `serialize` that convert R objects to raw without > storing the ancillary source reference and sexpinfo. I can show how this can be done, but

Could you recommend any packages/functions that compute hash such that the source references and sexpinfo_struct are ignored? Basically a version of `serialize` that convert R objects to raw without storing the ancillary source reference and sexpinfo. I think most people would think of `digest` but that package uses `serialize` (see discussion

On Thu, 2016-10-13 at 19:00 -0500, Bob of Donelson Trophy via samba wrote: > A few days ago I demoted my first DC (a v4.2.14, I think) and thought > the demote had gone well. Now, when I run "samba-tool dnsupdate > --verbose" I can see references to the first DC that remain. > Unfortunately, that DC no longer exists so I simply cannot demote it > again.  > >

On Fri, Jan 15, 2016 at 5:04 PM, Wakko Warner <wakko at animx.eu.org> wrote: > Ilia Mirkin wrote: >> I suspect the fb0 issue is because you disabled >> CONFIG_DRM_FBDEV_EMULATION? Does the freeze also happen with 4.3? Any >> chance you could bisect? > > I saw this config option, but I didn't realize that. > The issue also occurs with 4.3. I even tried

I suspect the fb0 issue is because you disabled CONFIG_DRM_FBDEV_EMULATION? Does the freeze also happen with 4.3? Any chance you could bisect? On Mon, Jan 11, 2016 at 7:23 PM, Wakko Warner <wakko at animx.eu.org> wrote: > Please keep me in the CC. I am not subscribed to this list. > > When booting 4.4.0 on one of my systems, when nouveau loads, the screen goes > into powersave.

Ilia Mirkin wrote: > I suspect the fb0 issue is because you disabled > CONFIG_DRM_FBDEV_EMULATION? Does the freeze also happen with 4.3? Any > chance you could bisect? I saw this config option, but I didn't realize that. The issue also occurs with 4.3. I even tried 4.3-rc1 with the same results. Would the DRM_FBDEV_EMULATION effect 3D? > On Mon, Jan 11, 2016 at 7:23 PM, Wakko

Hi, Martin et al.: On 6/10/24 9:32 AM, Martin Maechler wrote: >>>>>> Spencer Graves >>>>>> on Mon, 10 Jun 2024 07:50:13 -0500 writes: > > > Hi, Gabor et al.: Thanks for this. I should change my > > current application to use either zoo or xts, as Gabor > > suggests. > > > > However, I was

Please keep me in the CC. I am not subscribed to this list. When booting 4.4.0 on one of my systems, when nouveau loads, the screen goes into powersave. It doesn't appear to register the fb0 device. When X starts up, the screen comes back and I'm able to login. When launching anything that accesses 3D, the screen freezes. Nothing is logged in either X or dmesg. This same system works