Can someone please have a look at
pkgsrc/converters/xlreader/patches/patch-ab and tell me if it properly
fixes the security vulnerability in this package? If you've got a way
to test it (perhaps even the Excel file with the exploit that's not
included on the web site with the advisory), that would be even better.

If this does fix the vulnerability, how do I get audit-packages to
understand that the nb1 version is fixed, but the nb0 version is still
broken?

cjs
-- 
Curt Sampson  <cjs@cynic.net>   +81 90 7737 2974   http://www.NetBSD.org
      Make up enjoying your city life...produced by BIC CAMERA