openSUSE-SU-2024:0021-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2024:0021-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2024:0021-1
- Related
- Published
- 2024-01-16T07:30:46Z
- Modified
- 2024-01-16T07:30:46Z
- Summary
- Security update for perl-Spreadsheet-ParseXLSX
- Details
-
This update for perl-Spreadsheet-ParseXLSX fixes the following issues:
Updated to 0.29:
see /usr/share/doc/packages/perl-Spreadsheet-ParseXLSX/Changes
0.29:
- Fix for 'Argument '' isn't numeric in addition (+) at /usr/local/shar…
- Incorrect cell values due to phonetic data doy#72
- Fix die message in parse()
- Cannot open password protected SHA1 encrypted files. doy#68
- use date format detection based on Spreadsheet::XLSX
- Add rudimentary support for hyperlinks in cells
0.28:
CVE-2024-22368: out-of-memory condition during parsing of a crafted XLSX document (boo#1218651)
Fix possible memory bomb as reported in https://github.com/haile01/perlspreadsheetexcelrcepoc/blob/main/parsexlsxbomb.md
- Updated Dist::Zilla configuration fixing deprecation warnings
- References
Affected packages
SUSE:Package Hub 15 SP5 / perl-Spreadsheet-ParseXLSX
Package
- Name
- perl-Spreadsheet-ParseXLSX
- Purl
- pkg:rpm/suse/perl-Spreadsheet-ParseXLSX&distro=SUSE%20Package%20Hub%2015%20SP5