UbuntuUpdates.org

Package "freexl"

Name: freexl

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • library for direct reading of Microsoft Excel spreadsheets - devel
  • library for direct reading of Microsoft Excel spreadsheets
  • library for direct reading of Microsoft Excel spreadsheets - debug
Latest version: 1.0.0g-1ubuntu0.14.04.3
Release: trusty (14.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "freexl" in Trusty

Repository Area Version
security universe 1.0.0g-1ubuntu0.14.04.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.0.0g-1ubuntu0.14.04.3 2018-09-25 21:06:42 UTC

  freexl (1.0.0g-1ubuntu0.14.04.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Imported changes from Debian's 1.0.0g-1+deb8u5 package
    - debian/patches/CVE-2017-2923_CVE-2017-2924.patch
    - debian/patches/security-fixes-1.0.5.patch
    - CVE-2017-2923 CVE-2017-2924 CVE-2017-7435 CVE-2017-7436 CVE-2017-7437
      CVE-2017-7438 CVE-2017-7439

 -- Mike Salvatore <email address hidden> Tue, 25 Sep 2018 12:11:00 -0400
Source diff to previous version
CVE-2017-2923 An exploitable heap based buffer overflow vulnerability exists in the 'read_biff_next_record function' of FreeXL 1.0.3. A specially crafted XLS file
CVE-2017-2924 An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cau
CVE-2017-7435 In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malic
CVE-2017-7436 In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malic
CVE-2017-7437 NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via the "type" and "account" parameters of json reque
CVE-2017-7438 NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross site scripting attacks via javascript DOM modification using the supplied co
CVE-2017-7439 NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving e

Version: 1.0.0g-1ubuntu0.14.04.2 2015-11-20 01:06:28 UTC

  freexl (1.0.0g-1ubuntu0.14.04.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Fix issues in previous security update (LP: #1516257)
    - afl-vulnerabilitities-regression.patch: Fix regression introduced by
      afl-vulnerabilitities.patch.
    - 32bit-multiplication-overflow.patch: Fix 32 bit multiplication overflow

 -- Bas Couwenberg Thu, 12 Nov 2015 22:04:49 +0100
Source diff to previous version
1516257 [DSA 3208-2] freexl regression update

Version: 1.0.0g-1ubuntu0.14.04.1 2015-04-06 23:06:27 UTC

  freexl (1.0.0g-1ubuntu0.14.04.1) trusty-security; urgency=high

   * SECURITY UPDATE: Fix multiple vulnerabilities allowing denial of service
     or possibly execute arbitrary code (LP: #1437087):
     - CVE 2015-2753: FreeXL before 1.0.0i allows remote attackers to cause a
       denial of service (stack corruption) or possibly execute arbitrary code
       via a crafted sector in a workbook.
     - CVE 2015-2754: FreeXL before 1.0.0i allows remote attackers to cause a
       denial of service (stack corruption) and possibly execute arbitrary code
       via a crafted workbook, related to a "premature EOF."
 -- Johan Van de Wauw <email address hidden> Fri, 03 Apr 2015 22:47:20 +0200
1437087 Multiple vulnerabilities in freexl 1.0.0


About   -   Send Feedback to @ubuntu_updates