R Core has an official statement out on the inappropriately assigned... - Random

hrbrmstr, 15 days ago

R Core has an official statement out on the inappropriately assigned CVE-2024-27322 #RStats

https://blog.r-project.org/2024/05/10/statement-on-cve-2024-27322/

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

Image

Image alternative text

krz, 15 days ago

@hrbrmstr why was it inappropriately assigned? The statement acknowledges a security bug (that they fixed).

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

hrbrmstr, 15 days ago

@krz Have you read anything about this prior to the R Core statement?

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

krz, 15 days ago

@hrbrmstr no, I haven’t heard of this bug or vulnerability before, and the r blog is not very informative either

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

hrbrmstr, 15 days ago

@krz https://rud.is/b/2024/05/03/cve-2024-27322-should-never-have-been-assigned-and-r-data-files-are-still-super-risky-even-in-r-4-4-0/

https://aitap.github.io/2024/05/02/unserialize.html

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

Add comment