Package: freexl / 1.0.0g-1+deb8u5

Metadata

Package Version Patches format
freexl 1.0.0g-1+deb8u5 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
afl vulnerabilitities.patch | (download)

src/freexl.c | 21 20 + 1 - 0 !
1 file changed, 20 insertions(+), 1 deletion(-)

 fix critical bugs identified by american fuzzy lop.
32bit multiplication overflow.patch | (download)

src/freexl.c | 11 11 + 0 - 0 !
1 file changed, 11 insertions(+)

 fixing a critical bug (32 bit multiplication overflow) reported by rhel maintainers
afl vulnerabilitities regression.patch | (download)

src/freexl.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix regression introduced by afl-vulnerabilitities.patch.
 Initially reported as a bug in GDAL and traced to FreeXL, see:
 https://trac.osgeo.org/gdal/ticket/6200
CVE 2017 2923_CVE 2017 2924.patch | (download)

src/freexl.c | 147 88 + 59 - 0 !
1 file changed, 88 insertions(+), 59 deletions(-)

 fixing a security issue - cisco talos-2017-430 and talos-2017-431
 CVE-2017-2923 & CVE-2017-2924
security fixes 1.0.5.patch | (download)

headers/freexl.h | 5 5 + 0 - 0 !
src/freexl.c | 34 34 + 0 - 0 !
2 files changed, 39 insertions(+)

 security fixes from freexl 1.0.5.
 heap-buffer-overflow in freexl::destroy_cell of FreeXL 1.0.4
 https://bugzilla.redhat.com/show_bug.cgi?id=1547879
 .
 heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST
 https://bugzilla.redhat.com/show_bug.cgi?id=1547883
 .
 heap-buffer-overflow in freexl.c:1866 parse_SST of FreeXL 1.0.4
 https://bugzilla.redhat.com/show_bug.cgi?id=1547885
 .
 heap-buffer-overflow in freexl.c:383 parse_unicode_string of FreeXL 1.0.4
 https://bugzilla.redhat.com/show_bug.cgi?id=1547889
 .
 heap-buffer-overflow in freexl.c:3912 read_mini_biff_next_record of FreeXL 1.0.4
 https://bugzilla.redhat.com/show_bug.cgi?id=1547892
 .
 Reported upstream in:
 https://groups.google.com/d/topic/spatialite-users/b-d9iB5TDPE/discussion