Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits: be64c2d2 by Guilhem Moulin at 2024-01-27T15:26:50+01:00 Reserve DLA-3723-1 for libspreadsheet-parsexlsx-perl - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -3633,7 +3633,6 @@ CVE-2024-22368 (The Spreadsheet::ParseXLSX package before 0.28 for Perl can enco - libspreadsheet-parsexlsx-perl 0.29-1 [bookworm] - libspreadsheet-parsexlsx-perl <no-dsa> (Minor issue; DoS, can be fixed in point release) [bullseye] - libspreadsheet-parsexlsx-perl <no-dsa> (Minor issue; DoS, can be fixed in point release) - [buster] - libspreadsheet-parsexlsx-perl <no-dsa> (Minor issue) NOTE: https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md NOTE: Fixed by: https://github.com/MichaelDaum/spreadsheet-parsexlsx/commit/39b25b91fcb939a9c8ea807fdc80386c1ae5be0c (0.28) NOTE: Minor rewrite followup: https://github.com/MichaelDaum/spreadsheet-parsexlsx/commit/47ff82d74fbd014b8ec3cab80fa4fd25db9e8242 ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[27 Jan 2024] DLA-3723-1 libspreadsheet-parsexlsx-perl - security update + {CVE-2024-22368 CVE-2024-23525} + [buster] - libspreadsheet-parsexlsx-perl 0.27-2+deb10u1 [27 Jan 2024] DLA-3722-1 mariadb-10.3 - security update {CVE-2023-22084} [buster] - mariadb-10.3 1:10.3.39-0+deb10u2 ===================================== data/dla-needed.txt ===================================== 
@@ -133,9 +133,6 @@ libreswan NOTE: 20230909: all due to code refactoring. I intend to package the version NOTE: 20230909: from Bullseye instead as soon as the maintainer uploads the fix. (apo) -- -libspreadsheet-parsexlsx-perl (guilhem) - NOTE: 20240121: Added by Front-Desk (apo) --- libssh (Sean Whitton) NOTE: 20231219: Added by Front-Desk (ta) NOTE: 20240111: Still working on backporting the patches (spwhitton).
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be64c2d2d151e80df03698f237ebd4d50c182f8d
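Review bot: The new data/DLA/list entry claims both CVE-2024-22368 and CVE-2024-23525 for buster, but the only data/CVE/list hunk removes the `[buster] - libspreadsheet-parsexlsx-perl <no-dsa> (Minor issue)` line under CVE-2024-22368. Please confirm that the CVE-2024-23525 entry carries no buster triage line of its own, and if it does, drop it in this commit so the two files agree. Separately, the buster version 0.27-2+deb10u1 is below the upstream 0.28 named in the "Fixed by" NOTE, so this is a backport; it would help to record whether the "Minor rewrite followup" commit listed in the same NOTE block was included as well.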