[Git][security-tracker-team/security-tracker][master] Reserve DLA-3723-1 for libspreadsheet-parsexlsx-perl

Sat Jan 27 14:27:16 GMT 2024


Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
be64c2d2 by Guilhem Moulin at 2024-01-27T15:26:50+01:00
Reserve DLA-3723-1 for libspreadsheet-parsexlsx-perl

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3633,7 +3633,6 @@ CVE-2024-22368 (The Spreadsheet::ParseXLSX package before 0.28 for Perl can enco
 	- libspreadsheet-parsexlsx-perl 0.29-1
 	[bookworm] - libspreadsheet-parsexlsx-perl <no-dsa> (Minor issue; DoS, can be fixed in point release)
 	[bullseye] - libspreadsheet-parsexlsx-perl <no-dsa> (Minor issue; DoS, can be fixed in point release)
-	[buster] - libspreadsheet-parsexlsx-perl <no-dsa> (Minor issue)
 	NOTE: https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md
 	NOTE: Fixed by: https://github.com/MichaelDaum/spreadsheet-parsexlsx/commit/39b25b91fcb939a9c8ea807fdc80386c1ae5be0c (0.28)
 	NOTE: Minor rewrite followup: https://github.com/MichaelDaum/spreadsheet-parsexlsx/commit/47ff82d74fbd014b8ec3cab80fa4fd25db9e8242


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Jan 2024] DLA-3723-1 libspreadsheet-parsexlsx-perl - security update
+	{CVE-2024-22368 CVE-2024-23525}
+	[buster] - libspreadsheet-parsexlsx-perl 0.27-2+deb10u1
 [27 Jan 2024] DLA-3722-1 mariadb-10.3 - security update
 	{CVE-2023-22084}
 	[buster] - mariadb-10.3 1:10.3.39-0+deb10u2


=====================================
data/dla-needed.txt
=====================================
@@ -133,9 +133,6 @@ libreswan
   NOTE: 20230909: all due to code refactoring. I intend to package the version
   NOTE: 20230909: from Bullseye instead as soon as the maintainer uploads the fix. (apo)
 --
-libspreadsheet-parsexlsx-perl (guilhem)
-  NOTE: 20240121: Added by Front-Desk (apo)
---
 libssh (Sean Whitton)
   NOTE: 20231219: Added by Front-Desk (ta)
   NOTE: 20240111: Still working on backporting the patches (spwhitton).



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be64c2d2d151e80df03698f237ebd4d50c182f8d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be64c2d2d151e80df03698f237ebd4d50c182f8d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240127/1dce908e/attachment.htm>
