Debian R-Base vulnerabilities

4 known vulnerabilities affecting debian/r-base.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, LOW 2

Vulnerabilities

CVE-2024-27322 | LOW | CVSS 8.8 | fixed in r-base 4.4.0-2 (forky) | 2024
CVE-2024-27322 [HIGH] r-base: Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted with.
Scope: local. bookworm: open; bullseye: open; forky: resolved (fixe
debian
CVE-2020-27637 | CRITICAL | CVSS 9.8 | fixed in r-base 4.0.3-1 (bookworm) | 2020
CVE-2020-27637 [CRITICAL] r-base: The R programming language’s default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R CMD install cli command or the install.packages() function from the interpreter. Update to version 4.0.3.
Scope: local. bookworm: resolved (fixed in 4.0.3-1); bullseye: res
debian
CVE-2016-8714 | HIGH | CVSS 8.8 | fixed in r-base 3.3.3-1 (bookworm) | 2016
CVE-2016-8714 [HIGH] r-base: An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability.
Scope: local. bookworm: resolved (fixed in 3.3.3-1); bullseye: resolved (fixed
debian
CVE-2008-3931 | LOW | CVSS 6.9 | fixed in r-base 2.7.2-1 (bookworm) | 2008
CVE-2008-3931 [MEDIUM] r-base: javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Scope: local. bookworm: resolved (fixed in 2.7.2-1); bullseye: resolved (fixed in 2.7.2-1); forky: resolved (fixed in 2.7.2-1); sid: resolved (fixed in 2.7.2-1); trixie: resolved (fixed in 2.7.2-1)
debian