Register | Log in

r-cran-readxl

GNU R package to read Excel files

Choose email to subscribe with

general

source: r-cran-readxl (main)
version: 1.5.0-1
maintainer: Dirk Eddelbuettel (DMD)
arch: any
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.3.1-2
oldstable: 1.4.2-1
stable: 1.4.5-1
testing: 1.5.0-1
unstable: 1.5.0-1

versioned links

1.3.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4.5-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.5.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

r-cran-readxl (1 bugs: 0, 1, 0, 0)

action needed

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2026-26824: libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT() is not fully initialized before being consumed by ole2_validate_sector_chain(), which may result in application crashes or potential information disclosure when processing a crafted XLS file
CVE-2026-26825: A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitizer (MSAN) and can lead to undefined behavior, incorrect parsing logic, or potential information disclosure.

Created: 2026-06-06 Last update: 2026-06-14 19:00

2 security issues in forky high

There are 2 open security issues in forky.

2 important issues:

CVE-2026-26824: libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT() is not fully initialized before being consumed by ole2_validate_sector_chain(), which may result in application crashes or potential information disclosure when processing a crafted XLS file
CVE-2026-26825: A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitizer (MSAN) and can lead to undefined behavior, incorrect parsing logic, or potential information disclosure.

Created: 2026-06-06 Last update: 2026-06-14 19:00

2 security issues in bullseye high

There are 2 open security issues in bullseye.

2 important issues:

CVE-2026-26824: libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT() is not fully initialized before being consumed by ole2_validate_sector_chain(), which may result in application crashes or potential information disclosure when processing a crafted XLS file
CVE-2026-26825: A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitizer (MSAN) and can lead to undefined behavior, incorrect parsing logic, or potential information disclosure.

Created: 2026-06-06 Last update: 2026-06-14 19:00

2 security issues in bookworm high

There are 2 open security issues in bookworm.

2 important issues:

CVE-2026-26824: libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT() is not fully initialized before being consumed by ole2_validate_sector_chain(), which may result in application crashes or potential information disclosure when processing a crafted XLS file
CVE-2026-26825: A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitizer (MSAN) and can lead to undefined behavior, incorrect parsing logic, or potential information disclosure.

Created: 2026-06-06 Last update: 2026-06-14 19:00

2 low-priority security issues in trixie low

There are 2 open security issues in trixie.

2 issues left for the package maintainer to handle:

CVE-2026-26824: (needs triaging) libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT() is not fully initialized before being consumed by ole2_validate_sector_chain(), which may result in application crashes or potential information disclosure when processing a crafted XLS file
CVE-2026-26825: (needs triaging) A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory originating from the OLE layer (ole2_read). The flaw is detectable with MemorySanitizer (MSAN) and can lead to undefined behavior, incorrect parsing logic, or potential information disclosure.

You can find information about how to handle these issues in the security team's documentation.

Created: 2026-06-06 Last update: 2026-06-14 19:00

news

[2026-06-01] r-cran-readxl 1.5.0-1 MIGRATED to testing (Debian testing watch)
[2026-05-20] Accepted r-cran-readxl 1.5.0-1 (source) into unstable (Dirk Eddelbuettel)
[2025-03-29] r-cran-readxl 1.4.5-1 MIGRATED to testing (Debian testing watch)
[2025-03-17] Accepted r-cran-readxl 1.4.5-1 (source) into unstable (Dirk Eddelbuettel)
[2025-03-05] r-cran-readxl 1.4.4-1 MIGRATED to testing (Debian testing watch)
[2025-02-27] Accepted r-cran-readxl 1.4.4-1 (source) into unstable (Dirk Eddelbuettel)
[2023-07-17] r-cran-readxl 1.4.3-1 MIGRATED to testing (Debian testing watch)
[2023-07-07] Accepted r-cran-readxl 1.4.3-1 (source) into unstable (Dirk Eddelbuettel)
[2023-02-19] r-cran-readxl 1.4.2-1 MIGRATED to testing (Debian testing watch)
[2023-02-09] Accepted r-cran-readxl 1.4.2-1 (source) into unstable (Dirk Eddelbuettel)
[2022-08-27] r-cran-readxl 1.4.1-1 MIGRATED to testing (Debian testing watch)
[2022-08-20] Accepted r-cran-readxl 1.4.1-1 (source) into unstable (Dirk Eddelbuettel)
[2022-05-03] r-cran-readxl 1.4.0-1 MIGRATED to testing (Debian testing watch)
[2022-03-28] Accepted r-cran-readxl 1.4.0-1 (source) into unstable (Dirk Eddelbuettel)
[2019-08-24] r-cran-readxl 1.3.1-2 MIGRATED to testing (Debian testing watch)
[2019-08-19] Accepted r-cran-readxl 1.3.1-2 (source) into unstable (Dirk Eddelbuettel)
[2019-03-21] Accepted r-cran-readxl 1.3.1-1 (source amd64) into unstable (Dirk Eddelbuettel)
[2019-02-26] r-cran-readxl 1.3.0-1 MIGRATED to testing (Debian testing watch)
[2019-02-15] Accepted r-cran-readxl 1.3.0-1 (source amd64) into unstable (Dirk Eddelbuettel)
[2019-02-04] Accepted r-cran-readxl 0.1.1-1+deb9u2 (source amd64) into proposed-updates->stable-new, proposed-updates (Dirk Eddelbuettel)
[2019-02-02] r-cran-readxl 1.2.0.9000-1 MIGRATED to testing (Debian testing watch)
[2019-01-27] Accepted r-cran-readxl 1.2.0.9000-1 (source amd64) into unstable (Dirk Eddelbuettel)
[2018-12-29] r-cran-readxl 1.2.0-1 MIGRATED to testing (Debian testing watch)
[2018-12-23] Accepted r-cran-readxl 1.2.0-1 (source amd64) into unstable (Dirk Eddelbuettel)
[2018-04-25] r-cran-readxl 1.1.0-1 MIGRATED to testing (Debian testing watch)
[2018-04-20] Accepted r-cran-readxl 1.1.0-1 (source amd64) into unstable (Dirk Eddelbuettel)
[2018-04-18] r-cran-readxl 1.0.0-2 MIGRATED to testing (Debian testing watch)
[2018-04-16] Accepted r-cran-readxl 0.1.1-1+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Dirk Eddelbuettel)
[2018-04-16] Accepted r-cran-readxl 0.1.1-1+deb9u1 (source amd64) into stable->embargoed, stable (Dirk Eddelbuettel)
[2018-04-12] Accepted r-cran-readxl 1.0.0-2 (source amd64) into unstable (Dirk Eddelbuettel)

1
2

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.4.5-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing