Accepted libspreadsheet-parseexcel-perl 0.6500-1+deb10u1 (source) into oldoldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted libspreadsheet-parseexcel-perl 0.6500-1+deb10u1 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 31 Dec 2023 00:50:18 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: libspreadsheet-parseexcel-perl_0.6500-1+deb10u1_source.changes
- Debian-source: libspreadsheet-parseexcel-perl
- Debian-suite: oldoldstable
- Debian-version: 0.6500-1+deb10u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=exSJR+b1RVSCG/LV2FiIVMkmr2ljG9Je1NOvcNzAEtk=; b=tCgeZAEMX5F5JKmMLzxTIWFbiG UT7lnXB+o6ogUAuPrNGzm1KsNCwiUeJyyfEwn4XSz3QDVCYkozwc0bJsROmjfkyd1nIWZgxAD+A+E YCCobj65VVVO7HGyIi7oqluQJyRl3y3LmtRnm4HzCm5rnMSCcKCzbryQsj6/+Z0GZILhqtO1nj4WP 2UNMl4zyMeU/OblfmYb+mD5thGXE+A7pW0pe80IErFIRuifeWOGWblBcqnuA42FGnqrKU0LYaCCL7 NiPilx2Q9ev9qUJBzfg3lHYHged/s4N4rbC8RhrBwzv90d7WOpcwLQmpBZsXNErW/gpx1jZSHlpbO u78HZGWw==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1rJk1y-000sGf-Tl@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 31 Dec 2023 00:53:09 +0100
Source: libspreadsheet-parseexcel-perl
Architecture: source
Version: 0.6500-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1059450
Changes:
libspreadsheet-parseexcel-perl (0.6500-1+deb10u1) buster-security; urgency=high
.
* Non-maintainer upload by the LTS Security Team.
* Fix CVE-2023-7101: Arbitrary code execution (ACE) vulnerability due to
passing unvalidated input from a file into a string-type “eval”.
Specifically, the issue stems from the evaluation of Number format strings
(not to be confused with printf-style format strings) within the Excel
parsing logic. (Closes: #1059450)
Checksums-Sha1:
a241b25c00e6c973257a3bc3183ab0842aaabd5a 2554 libspreadsheet-parseexcel-perl_0.6500-1+deb10u1.dsc
76f49a87bffcbe0191117493c69017cf6a0598da 206923 libspreadsheet-parseexcel-perl_0.6500.orig.tar.gz
d7a5b43579d6290ade61917bf1452c7bbf0c15fd 6892 libspreadsheet-parseexcel-perl_0.6500-1+deb10u1.debian.tar.xz
1a82b051c06801e28ee4b9f416470837e30eaaa2 7369 libspreadsheet-parseexcel-perl_0.6500-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
257a8cff375e87a8f6a2b8d265a4547af1ff54348e0c8283d1769c3aedb220d3 2554 libspreadsheet-parseexcel-perl_0.6500-1+deb10u1.dsc
6ec4cb429bd58d81640fe12116f435c46f51ff1040c68f09cc8b7681c1675bec 206923 libspreadsheet-parseexcel-perl_0.6500.orig.tar.gz
7da9630b93e7a5aca4417fcfaa20c26cc1a068665dbf74d5c8e875797347be59 6892 libspreadsheet-parseexcel-perl_0.6500-1+deb10u1.debian.tar.xz
65046d519af907f9ccf8db6dd3f52d737ba4efbb58f5af6134d93b93a852035d 7369 libspreadsheet-parseexcel-perl_0.6500-1+deb10u1_amd64.buildinfo
Files:
e545dd22a62aee33e9754ba2aa9d5ff7 2554 perl optional libspreadsheet-parseexcel-perl_0.6500-1+deb10u1.dsc
4b8857e3a391d86501c1b742b459ac9e 206923 perl optional libspreadsheet-parseexcel-perl_0.6500.orig.tar.gz
4ec38c2c36c753fdf5d5ac45a9b59411 6892 perl optional libspreadsheet-parseexcel-perl_0.6500-1+deb10u1.debian.tar.xz
876a04c2d08a82f2ae1b44e942067453 7369 perl optional libspreadsheet-parseexcel-perl_0.6500-1+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmWQs9UACgkQ05pJnDwh
pVKGyBAAxm2IXl8z+vfOmU8GHhGBynchm4VWLE4yAHWUoeG7MP1Pog98R65pV0m9
+8cyt4T5btuL48GG3sSSoJerJjGF+BzYyMCd2vqca76Xuhx2OibGDyeNj/FgDKF5
q5WxMIYmpN/h2MLF6IhfaXUX3Lhn9TZR3RQV4oimQGVu3Jv5ta1jqD67K7rPmZab
d5jtxNeKC37d6MIjT+lIukPpZma9si7Xe23zWZ7Ifd4axevYjMiHnfMXl7aAOpSA
JaqCp0wDZfWG595FXCy/7T87S6TB2Gz+bQBZdcPpyFzdM+xWc3klPr1n27KtE9c7
+/OhK0XFjFmQ5SfMqJyslYC4+FIg4AadOQrxSc3ALcXtE9FMbt77XFBiopLqd5JH
w6gRXjGV0OBWVIlE2qZqGPQ/5StF916HJUSLiV5xMm4wXlCw6kmd6gGdP5IxlMYZ
lCJYk7MaVeBi/CD7c6f3afVfZkfWMptG/rUpuoX090bvAFCS3hzXDL3Z39vbchoQ
W7Q0HOKvhGJggc2QhHNxU+95sDfiCCotBA/k9TplGOsACRB3QZhKlsB7qT7fdjBY
VRaIZSXxC8rrziedrcpgdviIHAIbG6NhYndvzZT4KOFYAkoaco7htzN7zElkHQWI
EdP9/myLg2kGSdbmFiAMuUECI+BDfe8I7Q7LU6lbLfQlw6Xkh8Q=
=cjlZ
-----END PGP SIGNATURE-----