{"affected":[{"ecosystem_specific":{"binaries":[{"perl-Spreadsheet-ParseXLSX":"0.290.0-bp155.2.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP5","name":"perl-Spreadsheet-ParseXLSX","purl":"pkg:rpm/suse/perl-Spreadsheet-ParseXLSX&distro=SUSE%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.290.0-bp155.2.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"perl-Spreadsheet-ParseXLSX":"0.290.0-bp155.2.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"perl-Spreadsheet-ParseXLSX","purl":"pkg:rpm/opensuse/perl-Spreadsheet-ParseXLSX&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.290.0-bp155.2.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for perl-Spreadsheet-ParseXLSX fixes the following issues:\n\nUpdated to 0.29:\n\n   see /usr/share/doc/packages/perl-Spreadsheet-ParseXLSX/Changes\n\n0.29:\n\n- Fix for 'Argument '' isn't numeric in addition (+) at /usr/local/shar…\n- Incorrect cell values due to phonetic data doy#72\n- Fix die message in parse()\n- Cannot open password protected SHA1 encrypted files. doy#68\n- use date format detection based on Spreadsheet::XLSX\n- Add rudimentary support for hyperlinks in cells\n\n0.28:\n\n- CVE-2024-22368: out-of-memory condition during parsing of a crafted XLSX document (boo#1218651)\n\n- Fix possible memory bomb as reported in https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md\n- Updated Dist::Zilla configuration fixing deprecation warnings\n","id":"openSUSE-SU-2024:0021-1","modified":"2024-01-16T07:30:46Z","published":"2024-01-16T07:30:46Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EHHPL7IKGNQCRM3NOTRZRDYWT4OKW47L/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218651"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-22368"}],"related":["CVE-2024-22368"],"summary":"Security update for perl-Spreadsheet-ParseXLSX","upstream":["CVE-2024-22368"]}