Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Debian 11: r-cran-gh Important API Auth Flaw DLA-4378-1 CVE-2025-54956

debian lts
Calendar Grey November 25, 2025
Dist Debian Esm H88
A security issue in r-cran-gh affects API authorization in Debian. Immediate upgrade required to mitigate risks.
A vulnerability has been discovered in r-cran-gh, a GNU R Minimal client to access the 'GitHub' 'API'

Summary

CVE-2025-54956

The HTTP response is delivered in a data structure that includes the
Authorization header from the corresponding HTTP request.

For Debian 11 bullseye, this problem has been fixed in version
1.2.0-1+deb11u1.

We recommend that you upgrade your r-cran-gh packages.

For the detailed security status of r-cran-gh please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/r-cran-gh

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
important
Lowest
Low
Medium
High
Critical

Package: r-cran-gh
Version: 1.2.0-1+deb11u1
CVE ID: CVE-2025-54956
Debian Bug: 1110481

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here