Update Info

openSUSE-2024-21


Security update for perl-Spreadsheet-ParseXLSX


Type: security
Severity: moderate
Issued: 2024-01-16
Description:
This update for perl-Spreadsheet-ParseXLSX fixes the following issues:

Updated to 0.29:

   see /usr/share/doc/packages/perl-Spreadsheet-ParseXLSX/Changes

0.29:

- Fix for 'Argument "" isn't numeric in addition (+) at /usr/local/shar…
- Incorrect cell values due to phonetic data doy#72
- Fix die message in parse()
- Cannot open password protected SHA1 encrypted files. doy#68
- use date format detection based on Spreadsheet::XLSX
- Add rudimentary support for hyperlinks in cells

0.28:

- CVE-2024-22368: out-of-memory condition during parsing of a crafted XLSX document (boo#1218651)

- Fix possible memory bomb as reported in https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md
- Updated Dist::Zilla configuration fixing deprecation warnings


              

Packages


  • perl-Spreadsheet-ParseXLSX-0.290.0-bp155.2.3.1