[Git][security-tracker-team/security-tracker][master] Mark CVE-2024-23525 as no-dsa for bookworm and bullseye

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jan 21 20:17:15 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5fca3c96 by Salvatore Bonaccorso at 2024-01-21T21:15:24+01:00
Mark CVE-2024-23525 as no-dsa for bookworm and bullseye

Technically the issue might warrant a DSA; a previous other CVE fix is
already queued for the point releases and in a quick discussion offlist
with a pkg-perl member a follow up update will be prepared for the near
point releases. So mark it for the regular stable suites as no-dsa
(while it is still perfectly fine to address the issue in LTS via a
DLA).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -395,6 +395,8 @@ CVE-2023-31274 (AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain
 	NOT-FOR-US: AVEVA PI Server
 CVE-2024-23525 (The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE att ...)
 	- libspreadsheet-parsexlsx-perl 0.31-1 (bug #1061098)
+	[bookworm] - libspreadsheet-parsexlsx-perl <no-dsa> (Slight minor issue; will be fixed in point release)
+	[bullseye] - libspreadsheet-parsexlsx-perl <no-dsa> (Slight minor issue; will be fixed in point release)
 	NOTE: https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a
 	NOTE: https://github.com/MichaelDaum/spreadsheet-parsexlsx/issues/10
 	NOTE: Isolated changes: https://github.com/MichaelDaum/spreadsheet-parsexlsx/commit/1d55f90caf433c7442e5be21a1849af2b5522ffe#diff-0702489aae2d242fa44a345ab28b021c884c51a87ba376b835f44e3474dc2385L1175-L1180 (0.30)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fca3c96207eb3f0bd222ea941bc6d3f8aa24a81

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5fca3c96207eb3f0bd222ea941bc6d3f8aa24a81
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240121/846821f5/attachment.htm>

More information about the debian-security-tracker-commits mailing list