You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa ledger

Sigurnosni nedostaci programskog paketa ledger

openSUSE Security Update: Security update for ledger
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1895-1
Rating: moderate
References: #1052478 #1052484 #1105084
Cross-References: CVE-2017-12481 CVE-2017-12482 CVE-2017-2807
CVE-2017-2808
Affected Products:
openSUSE Backports SLE-15-SP1
______________________________________________________________________________

An update that fixes four vulnerabilities is now available.

Description:

This update for ledger fixes the following issues:

ledger was updated to 3.1.3:

+ Properly reject postings with a comment right after the flag (bug #1753)
+ Make sorting order of lot information deterministic (bug #1747)
+ Fix bug in tag value parsing (bug #1702)
+ Remove the org command, which was always a hack to begin with (bug #1706)
+ Provide Docker information in README
+ Various small documentation improvements

This also includes the update to 3.1.2:

+ Increase maximum length for regex from 255 to 4095 (bug #981)
+ Initialize periods from from/since clause rather than earliest
transaction date (bug #1159)
+ Check balance assertions against the amount after the posting (bug #1147)
+ Allow balance assertions with multiple posts to same account (bug #1187)
+ Fix period duration of “every X days” and similar statements (bug #370)
+ Make option –force-color not require –color anymore (bug #1109)
+ Add quoted_rfc4180 to allow CVS output with RFC 4180 compliant quoting.
+ Add support for –prepend-format in accounts command
+ Fix handling of edge cases in trim function (bug #520)
+ Fix auto xact posts not getting applied to account total during journal
parse (bug #552)
+ Transfer null_post flags to generated postings
+ Fix segfault when using –market with –group-by
+ Use amount_width variable for budget report
+ Keep pending items in budgets until the last day they apply
+ Fix bug where .total used in value expressions breaks totals
+ Make automated transactions work with assertions (bug #1127)
+ Improve parsing of date tokens (bug #1626)
+ Don’t attempt to invert a value if it’s already zero (bug #1703)
+ Do not parse user-specified init-file twice
+ Fix parsing issue of effective dates (bug #1722, TALOS-2017-0303,
CVE-2017-2807)
+ Fix use-after-free issue with deferred postings (bug #1723,
TALOS-2017-0304, CVE-2017-2808)
+ Fix possible stack overflow in option parsing routine (bug #1222,
CVE-2017-12481)
+ Fix possible stack overflow in date parsing routine (bug #1224,
CVE-2017-12482)
+ Fix use-after-free when using –gain (bug #541)
+ Python: Removed double quotes from Unicode values.
+ Python: Ensure that parse errors produce useful RuntimeErrors
+ Python: Expose journal expand_aliases
+ Python: Expose journal_t::register_account
+ Improve bash completion
+ Emacs Lisp files have been moved to https://github.com/ledger/ledger-mode
+ Various documentation improvements

This update was imported from the openSUSE:Leap:15.0:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2019-1895=1

Package List:

– openSUSE Backports SLE-15-SP1 (ppc64le s390x x86_64):

ledger-3.1.3-bp151.4.3.1

References:

https://www.suse.com/security/cve/CVE-2017-12481.html
https://www.suse.com/security/cve/CVE-2017-12482.html
https://www.suse.com/security/cve/CVE-2017-2807.html
https://www.suse.com/security/cve/CVE-2017-2808.html
https://bugzilla.suse.com/1052478
https://bugzilla.suse.com/1052484
https://bugzilla.suse.com/1105084


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libmediainfo

Otkriveni su sigurnosni nedostaci programske biblioteke libmediainfo za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim udaljenim napadačima omogućuju izazivanje DoS stanja....

Close