Package "ledgersmb"

Name:	ledgersmb
Description:	financial accounting and ERP program
Latest version:	1.6.9+ds-1ubuntu0.1
Release:	focal (20.04)
Level:	security
Repository:	universe
Homepage:	http://www.ledgersmb.org/

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "ledgersmb"

All arch deb package

APT INSTALL

Other versions of "ledgersmb" in Focal

Repository	Area	Version
base	universe	1.6.9+ds-1
updates	universe	1.6.9+ds-1ubuntu0.1

Changelog

Version: 1.6.9+ds-1ubuntu0.1 2021-09-29 15:06:27 UTC

ledgersmb (1.6.9+ds-1ubuntu0.1) focal-security; urgency=medium * SECURITY UPDATE: Cross-site Scripting - debian/patches/1.6-cve-2021-3693.patch: Fix display of search results and bulk-posting payments. - debian/patches/1.6-cve-2021-3693-regression.patch: Fix regression for failing to show errors as popups and broken downloads of backups. - debian/patches/1.6-cve-2021-3694.patch: Use escape_html to avoid specially crafted URL. - CVE-2021-3693 - CVE-2021-3694 * SECURITY UPDATE: Clickjacking - debian/patches/1.6-cve-2021-3731.patch: Set Content-Security-Policy for the header. - CVE-2021-3731 -- Paulo Flabiano Smorigo <email address hidden> Tue, 28 Sep 2021 14:11:37 +0000

CVE-2021-3693	LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, thi
CVE-2021-3694	LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this fla
CVE-2021-3731	LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick

About - Send Feedback to @ubuntu_updates

Package "ledgersmb"

Links

Download "ledgersmb"

Other versions of "ledgersmb" in Focal

Changelog

Share this page

Bookmarks

Latest updates

proposed

updates

security

PPA updates