[Git][security-tracker-team/security-tracker][master] Reserve DLA-3723-1 for libspreadsheet-parsexlsx-perl

Guilhem Moulin (@guilhem) Sat, 27 Jan 2024 06:27:25 -0800


Guilhem Moulin pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
be64c2d2 by Guilhem Moulin at 2024-01-27T15:26:50+01:00
Reserve DLA-3723-1 for libspreadsheet-parsexlsx-perl

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3633,7 +3633,6 @@ CVE-2024-22368 (The Spreadsheet::ParseXLSX package before 
0.28 for Perl can enco
        - libspreadsheet-parsexlsx-perl 0.29-1
        [bookworm] - libspreadsheet-parsexlsx-perl <no-dsa> (Minor issue; DoS, 
can be fixed in point release)
        [bullseye] - libspreadsheet-parsexlsx-perl <no-dsa> (Minor issue; DoS, 
can be fixed in point release)
-       [buster] - libspreadsheet-parsexlsx-perl <no-dsa> (Minor issue)
        NOTE: 
https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md
        NOTE: Fixed by: 
https://github.com/MichaelDaum/spreadsheet-parsexlsx/commit/39b25b91fcb939a9c8ea807fdc80386c1ae5be0c
 (0.28)
        NOTE: Minor rewrite followup: 
https://github.com/MichaelDaum/spreadsheet-parsexlsx/commit/47ff82d74fbd014b8ec3cab80fa4fd25db9e8242


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Jan 2024] DLA-3723-1 libspreadsheet-parsexlsx-perl - security update
+       {CVE-2024-22368 CVE-2024-23525}
+       [buster] - libspreadsheet-parsexlsx-perl 0.27-2+deb10u1
 [27 Jan 2024] DLA-3722-1 mariadb-10.3 - security update
        {CVE-2023-22084}
        [buster] - mariadb-10.3 1:10.3.39-0+deb10u2


=====================================
data/dla-needed.txt
=====================================
@@ -133,9 +133,6 @@ libreswan
   NOTE: 20230909: all due to code refactoring. I intend to package the version
   NOTE: 20230909: from Bullseye instead as soon as the maintainer uploads the 
fix. (apo)
 --
-libspreadsheet-parsexlsx-perl (guilhem)
-  NOTE: 20240121: Added by Front-Desk (apo)
---
 libssh (Sean Whitton)
   NOTE: 20231219: Added by Front-Desk (ta)
   NOTE: 20240111: Still working on backporting the patches (spwhitton).



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be64c2d2d151e80df03698f237ebd4d50c182f8d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be64c2d2d151e80df03698f237ebd4d50c182f8d
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Reserve DLA-3723-1 for libspreadsheet-parsexlsx-perl

Reply via email to