
[SECURITY] [DLA 1297-1] freexl security update




Package        : freexl
Version        : 1.0.0b-1+deb7u5
CVE ID         : CVE-2018-7435 CVE-2018-7436 CVE-2018-7437 CVE-2018-7438
                 CVE-2018-7439


Leon reported five heap-based buffer-overflow vulnerabilities in FreeXL.

CVE-2018-7435

    There is a heap-based buffer over-read in the freexl::destroy_cell
    function.

CVE-2018-7436

    There is a heap-based buffer over-read in a pointer dereference of
    the parse_SST function.

CVE-2018-7437

    There is a heap-based buffer over-read in a memcpy call of the
    parse_SST function.

CVE-2018-7438

    There is a heap-based buffer over-read in the parse_unicode_string
    function.

CVE-2018-7439

    There is a heap-based buffer over-read in the function
    read_mini_biff_next_record.

For Debian 7 "Wheezy", these problems have been fixed in version
1.0.0b-1+deb7u5.

We recommend that you upgrade your freexl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS