Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:

> This fixes CVE-2023-34795.
>
> * gnu/packages/xml.scm (xlsxio): Update to 0.2.35.
> ---
>  gnu/packages/xml.scm | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/xml.scm b/gnu/packages/xml.scm
> index cfd53a291a..4a3936b66d 100644
> --- a/gnu/packages/xml.scm
> +++ b/gnu/packages/xml.scm
> @@ -1545,7 +1545,7 @@ (define-public xerces-c
>  (define-public xlsxio
>    (package
>      (name "xlsxio")
> -    (version "0.2.33")
> +    (version "0.2.35")
>      (source
>       (origin
>         (method git-fetch)
> @@ -1554,7 +1554,7 @@ (define-public xlsxio
>               (commit version)))
>         (file-name (git-file-name name version))
>         (sha256
> -        (base32 "16i3yd168kb63za7jpycpb2by4831gz7wi90vzifdf85csc8c70s"))))
> +        (base32 "140ap2l3qy27z1fhqpkq3a44aikhr3v5zlnm9m8vag42qiagiznx"))))
>      (native-inputs
>       (list expat gnu-make minizip which))
>      (build-system gnu-build-system)
apply