Morten Welinder

**Name of the Vulnerable Software and Affected Versions** libxml2 (affected versions not specified) Nokogiri (affected versions not specified) **Description** The issue is caused by a buffer overflow in the dict.c function of the libxml2 library. This can be exploited by a remote attacker to cause a denial of service, resulting in the application crashing. The exploitation can occur when a specially crafted HTML document containing an unexpected character after the "<!DOCTYPE html" substring is processed. It was also discovered that libxml2 and libxslt, which Nokogiri depends on, incorrectly handle certain malformed documents, potentially allowing malicious users to cause issues ranging from denial of service to remote code execution attacks. **Recommendations** For libxml2, consider disabling the dict.c function as a temporary workaround until a patch is available. For Nokogiri, restrict the use of libxml2 and libxslt libraries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Emacs version 21 XEmacs (affected versions not specified) **Description** The issue allows user-assisted attackers to execute arbitrary code by automatically loading and executing .flc (fast lock) files associated with edited files within Emacs. **Recommendations** For Emacs version 21, consider disabling the automatic loading of .flc files as a temporary workaround until a patch is available. For XEmacs, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gnumeric versions prior to 1.8.1 Gnumeric-doc (affected versions not specified) Gnumeric-plugins-extra (affected versions not specified) Gnumeric-common (affected versions not specified) **Description** The issue concerns multiple vulnerabilities in the Gnumeric package of the Debian GNU/Linux operating system, which can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, the `excel read HLINK` function in Gnumeric before version 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes. **Recommendations** For Gnumeric versions prior to 1.8.1, update to version 1.8.1 or later to resolve the issue. For Gnumeric-doc, Gnumeric-plugins-extra, and Gnumeric-common, at the moment, there is no information about a newer version that contains a fix for this vulnerability.