File _patchinfo of Package patchinfo.18267

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.18267

<patchinfo incident="18267">
  <issue tracker="bnc" id="1218651">VUL-0: CVE-2024-22368: perl-Spreadsheet-ParseXLSX: out-of-memory condition during parsing of a crafted XLSX document</issue>
  <issue tracker="cve" id="2024-22368"/>
  <packager>computersalat</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for perl-Spreadsheet-ParseXLSX</summary>
  <description>This update for perl-Spreadsheet-ParseXLSX fixes the following issues:

Updated to 0.29:

see /usr/share/doc/packages/perl-Spreadsheet-ParseXLSX/Changes

0.29:

- Fix for 'Argument "" isn't numeric in addition (+) at /usr/local/shar&#8230;
- Incorrect cell values due to phonetic data doy#72
- Fix die message in parse()
- Cannot open password protected SHA1 encrypted files. doy#68
- use date format detection based on Spreadsheet::XLSX
- Add rudimentary support for hyperlinks in cells

0.28:

- CVE-2024-22368: out-of-memory condition during parsing of a crafted XLSX document (boo#1218651)

- Fix possible memory bomb as reported in https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md
- Updated Dist::Zilla configuration fixing deprecation warnings
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.18267

Places