CVE-2021-27836: An issue was discovered in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file.

Three PRs listed in the issue:
https://github.com/libxls/libxls/pull/95
https://github.com/libxls/libxls/pull/96
https://github.com/libxls/libxls/pull/97

Only the first two are merged, but they're merged into dev and are unreleased.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b87c35396aa212fbbb746d0bf89631987d548bc9

commit b87c35396aa212fbbb746d0bf89631987d548bc9
Author:     Michael Mair-Keimberger <mmk@levelnine.at>
AuthorDate: 2025-02-21 14:47:05 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2025-02-23 22:16:52 +0000

    dev-libs/libxls: EAPI8 bump, add 1.6.3

    Bug: https://bugs.gentoo.org/821517
    Signed-off-by: Michael Mair-Keimberger <mmk@levelnine.at>
    Closes: https://github.com/gentoo/gentoo/pull/40684
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 dev-libs/libxls/Manifest            |  1 +
 dev-libs/libxls/libxls-1.6.3.ebuild | 27 +++++++++++++++++++++++++++
 2 files changed, 28 insertions(+)
Thanks! Please stabilize when ready (finally)!