Further update. I took some files from the new (in-progress, unfinished it
seems) upstream of libxls at https://github.com/evanmiller/libxls/, and got
some advice from the libxls maintainer.
He also put new issue tickets up, one per CVE:
And that builds. It does not pass all unit tests (R / CRAN packages tend to
have lots of those) but 'almost': 4 fail, 348 pass.
We could release this, methinks. What is your recommendation (and it has
been years since I last had to do a security release so help is as always
http://dirk.eddelbuettel.com | @eddelbuettel | e...@debian.org