Update Info


Security update for freexl

Type: security
Severity: important
Issued: 2018-03-01
This update for freexl fixes the following issues:

freexl was updated to version 1.0.5:

* No changelog provided by upstream
* Various heapoverflows in 1.0.4 have been fixed:

    * CVE-2018-7439: heap-buffer-overflow in freexl.c:3912 read_mini_biff_next_record (boo#1082774)
    * CVE-2018-7438: heap-buffer-overflow in freexl.c:383 parse_unicode_string (boo#1082775)
    * CVE-2018-7437: heap-buffer-overflow in freexl.c:1866 parse_SST(boo#1082776)
    * CVE-2018-7436: heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST (boo#1082777)
    * CVE-2018-7435: heap-buffer-overflow in freexl::destroy_cell (boo#1082778)



  • freexl-1.0.5-8.1