Serious vulnerability in Spreadsheet::ParseExcel (SOLVED)

A serious vulnerability in Spreadsheet::ParseExcel has been announced.

“This library is used by the Amavis virus scanner that runs on Barracuda ESG appliances. An attacker can trigger the vulnerability to execute arbitrary code on vulnerable ESG appliances through parameter injection.”

No mention of specific version numbers or of response from the Perl community in any way. What would we expect to happen in a situation like this?

Comment on Serious vulnerability in Spreadsheet::ParseExcel (SOLVED)

Replies are listed 'Best First'.
Re: Serious vulnerability in Spreadsheet::ParseExcel by pryrt (Abbot) on Jan 03, 2024 at 19:59 UTC
That CVE was for Spreadsheet::ParseExcel v0.65. And according to its change history, v0.66 was released on 2023-December-29 to fix the vulnerability.	[reply]
Re^2: Serious vulnerability in Spreadsheet::ParseExcel by Tux (Canon) on Jan 04, 2024 at 08:06 UTC
And to add: Spreadsheet::ParseXLSX also got a fix for that in release 0.28 by a new maintainer \o/ (who released 0.29 after that) Enjoy, Have FUN! H.Merijn	[reply]
Re^2: Serious vulnerability in Spreadsheet::ParseExcel by Cody Fendant (Hermit) on Jan 03, 2024 at 20:09 UTC
Thanks! My fault for not checking. It would be good if there was an update to stories about the problem mentioning that.	[reply]
Re^3: Serious vulnerability in Spreadsheet::ParseExcel (SOLVED) by LanX (Saint) on Jan 04, 2024 at 03:29 UTC
Please edit the root post and add `(SOLVED)` to the title to avoid unnecessary panic. Cheers Rolf _{(addicted to the Perl Programming Language :) see Wikisyntax for the Monastery}	[reply] [d/l]


go ahead... be a heretic
	PerlMonks