Package "ledgersmb"
Name: |
ledgersmb
|
Description: |
financial accounting and ERP program
|
Latest version: |
1.6.9+ds-1ubuntu0.1 |
Release: |
focal (20.04) |
Level: |
updates |
Repository: |
universe |
Homepage: |
http://www.ledgersmb.org/ |
Links
Download "ledgersmb"
Other versions of "ledgersmb" in Focal
Changelog
ledgersmb (1.6.9+ds-1ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Cross-site Scripting
- debian/patches/1.6-cve-2021-3693.patch: Fix display of search results
and bulk-posting payments.
- debian/patches/1.6-cve-2021-3693-regression.patch: Fix regression for
failing to show errors as popups and broken downloads of backups.
- debian/patches/1.6-cve-2021-3694.patch: Use escape_html to avoid
specially crafted URL.
- CVE-2021-3693
- CVE-2021-3694
* SECURITY UPDATE: Clickjacking
- debian/patches/1.6-cve-2021-3731.patch: Set Content-Security-Policy for
the header.
- CVE-2021-3731
-- Paulo Flabiano Smorigo <email address hidden> Tue, 28 Sep 2021 14:11:37 +0000
|
CVE-2021-3693 |
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, thi |
CVE-2021-3694 |
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this fla |
CVE-2021-3731 |
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick |
|
About
-
Send Feedback to @ubuntu_updates