{"affected":[{"ecosystem_specific":{"binaries":[{"freexl-devel":"1.0.5-8.1","libfreexl1":"1.0.5-8.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"freexl","purl":"pkg:rpm/suse/freexl&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.5-8.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for freexl fixes the following issues:\n\nfreexl was updated to version 1.0.5:\n\n* No changelog provided by upstream\n* Various heapoverflows in 1.0.4 have been fixed:\n\n    * CVE-2018-7439: heap-buffer-overflow in freexl.c:3912 read_mini_biff_next_record (boo#1082774)\n    * CVE-2018-7438: heap-buffer-overflow in freexl.c:383 parse_unicode_string (boo#1082775)\n    * CVE-2018-7437: heap-buffer-overflow in freexl.c:1866 parse_SST(boo#1082776)\n    * CVE-2018-7436: heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST (boo#1082777)\n    * CVE-2018-7435: heap-buffer-overflow in freexl::destroy_cell (boo#1082778)\n\n","id":"openSUSE-SU-2018:0569-1","modified":"2018-03-01T08:28:24Z","published":"2018-03-01T08:28:24Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ITMXPOUUKGX36CVA3DDP2X6VCTFASB4F/#ITMXPOUUKGX36CVA3DDP2X6VCTFASB4F"},{"type":"REPORT","url":"https://bugzilla.suse.com/1082774"},{"type":"REPORT","url":"https://bugzilla.suse.com/1082775"},{"type":"REPORT","url":"https://bugzilla.suse.com/1082776"},{"type":"REPORT","url":"https://bugzilla.suse.com/1082777"},{"type":"REPORT","url":"https://bugzilla.suse.com/1082778"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7435"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7436"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7437"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7438"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7439"}],"related":["CVE-2018-7435","CVE-2018-7436","CVE-2018-7437","CVE-2018-7438","CVE-2018-7439"],"summary":"Security update for freexl","upstream":["CVE-2018-7435","CVE-2018-7436","CVE-2018-7437","CVE-2018-7438","CVE-2018-7439"]}