blob: 6360f80856468f9e3c16bed533f8afc53fdafb13 [file] [log] [blame]
<?xml version="1.0" encoding="UTF-8"?>
<glsa id="201606-15">
<title>FreeXL: Multiple vulnerabilities</title>
<synopsis>Multiple vulnerabilities have been found in FreeXL, allowing remote
attackers to executive arbitrary code or cause Denial of Service.
<product type="ebuild"></product>
<announced>June 26, 2016</announced>
<revised>June 26, 2016: 1</revised>
<package name="dev-libs/freexl" auto="yes" arch="*">
<unaffected range="ge">1.0.1</unaffected>
<vulnerable range="lt">1.0.1</vulnerable>
<p>FreeXL is an open source library to extract valid data from within an
Excel (.xls) spreadsheet.
<p>FreeXL’s shared strings and workbook functions are vulnerable to the
remote execution of arbitrary code and Denial of Service. This can be
achieved through specially crafted workbooks from attackers.
<impact type="normal">
<p>Remote attackers could potentially execute arbitrary code or cause
Denial of Service.
<p>There is no known workaround at this time.</p>
<p>All FreeXL users should upgrade to the latest version:</p>
# emerge --sync
# emerge --ask --oneshot --verbose "dev-libs/freexl-1.0.1"
<uri link="">CVE-2015-2753</uri>
<uri link="">CVE-2015-2754</uri>
<uri link="">CVE-2015-2776</uri>
<metadata tag="requester" timestamp="Wed, 16 Mar 2016 12:15:29 +0000">b-man</metadata>
<metadata tag="submitter" timestamp="Sun, 26 Jun 2016 23:53:53 +0000">b-man</metadata>