FEDORA-2023-921f6975c2
Packages in this update:
perl-Spreadsheet-ParseExcel-0.6600-1.fc39
Update description:
Fix for CVE-2023-7101 (unvalidated input can lead to arbitrary code execution vulnerability).
perl-Spreadsheet-ParseExcel-0.6600-1.fc39
Fix for CVE-2023-7101 (unvalidated input can lead to arbitrary code execution vulnerability).
perl-Spreadsheet-ParseExcel-0.6600-1.fc38
Fix for CVE-2023-7101 (unvalidated input can lead to arbitrary code execution vulnerability).
python-aiohttp-3.9.1-1.fc38
python-pysqueezebox-0.5.5-11.fc38
python-wled-0.4.4-11.fc38
Security fix for CVE-2023-49081, CVE-2023-49082.
Update python-aiohttp to 3.9.1.
Patch python-pysqeezebox and python-wled so they do not have an implicit dependency on python-async-timeout via python-aiohttp.
https://github.com/aio-libs/aiohttp/releases/tag/v3.9.0
python-aiohttp-3.9.1-1.fc39
python-pysqueezebox-0.5.5-11.fc39
python-wled-0.4.4-11.fc39
Security fix for CVE-2023-49081, CVE-2023-49082.
Update python-aiohttp to 3.9.1.
Patch python-pysqeezebox and python-wled so they do not have an implicit dependency on python-async-timeout via python-aiohttp.
https://github.com/aio-libs/aiohttp/releases/tag/v3.9.0
It was discovered that missing input sanitising in
libspreadsheet-parseexcel-perl, a Perl module to access information from
Excel Spreadsheets, may result in the execution of arbitrary commands if
a specially crafted document file is processed.