You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The fix for CVE-2020-35357 which affects the quantile_from_sorted_data is not present in this repository. It also seems to be missing from v2.7.0 which is listed as the fix.
In addition, should the value of n not be checked as well?
The fix for CVE-2020-35357 which affects the quantile_from_sorted_data is not present in this repository. It also seems to be missing from v2.7.0 which is listed as the fix.
In addition, should the value of n not be checked as well?
[1] https://github.com/ampl/gsl/blob/master/statistics/quantiles_source.c
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35357
[3] https://git.savannah.gnu.org/cgit/gsl.git/commit/?id=989a193268b963aa1047814f7f1402084fb7d859