lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20150719174726.GA9061@pisco.westfalen.local>
Date: Sun, 19 Jul 2015 19:47:27 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3310-1] freexl security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3310-1                   security@...ian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 19, 2015                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : freexl
CVE ID         : not yet available

It was discovered that an integer overflow in freexl, a library to parse
Microsoft Excel spreadsheets may result in denial of service if a
malformed Excel file is opened.

For the oldstable distribution (wheezy), this problem has been fixed
in version 1.0.0b-1+deb7u2.

For the stable distribution (jessie), this problem has been fixed in
version 1.0.0g-1+deb8u2.

For the testing distribution (stretch), this problem has been fixed
in version 1.0.2-1.

For the unstable distribution (sid), this problem has been fixed in
version 1.0.2-1.

We recommend that you upgrade your freexl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJVq+KDAAoJEBDCk7bDfE42fAIQAKfMu9ZBVUkmPsxKTf3J1ygS
DuK7g2PP2hacV3D+igshEL7IxzNKkvdz/Eguz/6ZZUisCueWGginhXNcfvmdjISU
bd90aHVZv9c0ZnGTnsY0Fbw8Q2bDyOL05ebSOc7QRLJyMqsdP43MgqjICFw7RgoV
Pn3lIVKrfQ9qEE/OKJQa8j0Q+R3tPuwC34z4Gw06HTsB1srtmGLHh9QcfpY0uTeW
3MymXOTAVMOpc/VDAcE2HWcy66d1HtKt96pfBSU5koP4ZX3rF3MmPl3FBKfA+RyR
Z8Kxr1PoNuttwldbXwHRMX65Swr655+qV+Y5Nj2qawEBTbcsrSIH3RLjgwoSbojc
pzazg9qejxQOrN7E7b+x0tIu1F0Nq+gxc9/d9mWsuBGHV9SyiS+CP7FKYsQgir9b
CeKgIu1lU3Rlk5wVpQyZteyLMkMN0zsaQD6DNeTHyRYF7rCaSXvt/9JSLsj2jagN
JkPXWByxHitMtWeMMeg1cgQ77qIurk9Mm1tNeQ3lsM43pJqRKr5ggp2cVMtihSFX
8ptrETGzy7NR+If241sYMFTqUn4E8qKTS+0U0HlOPjg/yQ/3zY50/t5udMl5ToV2
b7MS1grueUWFSOKe2kfj2r0VFib3WYNXsm06UvjL5+2sGBtlqCSIFBZbnw+SZw8E
UX4FIBx19in8mVfB1C5K
=Crfh
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ