openSUSE: 2019:1895-1: moderate: ledger

    Date: 14 Aug 2019
    Category: openSUSE
    Posted By: LinuxSecurity Advisories
    An update that fixes four vulnerabilities is now available.
       openSUSE Security Update: Security update for ledger
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2019:1895-1
    Rating:             moderate
    References:         #1052478 #1052484 #1105084 
    Cross-References:   CVE-2017-12481 CVE-2017-12482 CVE-2017-2807
                        CVE-2017-2808
    Affected Products:
                        openSUSE Backports SLE-15-SP1
    ______________________________________________________________________________
    
       An update that fixes four vulnerabilities is now available.
    
    Description:
    
       This update for ledger fixes the following issues:
    
       ledger was updated to 3.1.3:
    
       + Properly reject postings with a comment right after the flag (bug #1753)
       + Make sorting order of lot information deterministic (bug #1747)
       + Fix bug in tag value parsing (bug #1702)
       + Remove the org command, which was always a hack to begin with (bug #1706)
       + Provide Docker information in README
       + Various small documentation improvements
    
       This also includes the update to 3.1.2:
    
       + Increase maximum length for regex from 255 to 4095 (bug #981)
       + Initialize periods from from/since clause rather than earliest
         transaction date (bug #1159)
       + Check balance assertions against the amount after the posting (bug #1147)
       + Allow balance assertions with multiple posts to same account (bug #1187)
       + Fix period duration of "every X days" and similar statements (bug #370)
       + Make option --force-color not require --color anymore (bug #1109)
       + Add quoted_rfc4180 to allow CSV output with RFC 4180 compliant quoting.
       + Add support for --prepend-format in accounts command
       + Fix handling of edge cases in trim function (bug #520)
       + Fix auto xact posts not getting applied to account total during journal
         parse (bug #552)
       + Transfer null_post flags to generated postings
       + Fix segfault when using --market with --group-by
       + Use amount_width variable for budget report
       + Keep pending items in budgets until the last day they apply
       + Fix bug where .total used in value expressions breaks totals
       + Make automated transactions work with assertions (bug #1127)
       + Improve parsing of date tokens (bug #1626)
       + Don't attempt to invert a value if it's already zero (bug #1703)
       + Do not parse user-specified init-file twice
       + Fix parsing issue of effective dates (bug #1722, TALOS-2017-0303,
         CVE-2017-2807)
       + Fix use-after-free issue with deferred postings (bug #1723,
         TALOS-2017-0304, CVE-2017-2808)
       + Fix possible stack overflow in option parsing routine (bug #1222,
         CVE-2017-12481)
       + Fix possible stack overflow in date parsing routine (bug #1224,
         CVE-2017-12482)
       + Fix use-after-free when using --gain (bug #541)
       + Python: Removed double quotes from Unicode values.
       + Python: Ensure that parse errors produce useful RuntimeErrors
       + Python: Expose journal expand_aliases
       + Python: Expose journal_t::register_account
       + Improve bash completion
       + Emacs Lisp files have been moved to https://github.com/ledger/ledger-mode
       + Various documentation improvements
    
       This update was imported from the openSUSE:Leap:15.0:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Backports SLE-15-SP1:
    
          zypper in -t patch openSUSE-2019-1895=1
    
    
    
    Package List:
    
       - openSUSE Backports SLE-15-SP1 (ppc64le s390x x86_64):
    
          ledger-3.1.3-bp151.4.3.1
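
A post-patch check for this advisory, added here as an example (it is not part of the openSUSE announcement): it confirms that the installed ledger build is at or above the version in the package list and that the package changelog mentions all four CVEs. The function names are hypothetical, and `sort -V` is assumed to be an adequate stand-in for RPM's own version ordering on these simple version strings.

```shell
#!/bin/sh
# Added example: verify a host against openSUSE-SU-2019:1895-1.
FIXED="3.1.3-bp151.4.3.1"   # version-release from the advisory's package list
CVES="CVE-2017-12481 CVE-2017-12482 CVE-2017-2807 CVE-2017-2808"

# is_fixed VERSION-RELEASE: succeed if the build is the advisory's or newer.
# Assumption: sort -V approximates RPM ordering for these strings.
is_fixed() {
    lowest=$(printf '%s\n%s\n' "$FIXED" "$1" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# missing_cves: read changelog text on stdin, print advisory CVEs it lacks.
missing_cves() {
    log=$(cat)
    for cve in $CVES; do
        # -w stops CVE-2017-2807 from matching a longer id such as ...28071
        printf '%s\n' "$log" | grep -qwF "$cve" || printf '%s\n' "$cve"
    done
}

# check_host: query the local RPM database and report the result.
check_host() {
    inst=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' ledger 2>/dev/null) || {
        echo "ledger: not installed"; return 0; }
    if is_fixed "$inst"; then
        echo "ledger $inst: at or above $FIXED"
    else
        echo "ledger $inst: older than $FIXED, apply openSUSE-2019-1895"
        return 1
    fi
    gaps=$(rpm -q --changelog ledger | missing_cves)
    [ -z "$gaps" ] || { echo "changelog does not mention: $gaps"; return 1; }
}

# Run the host check only where rpm exists; elsewhere the functions are just defined.
if command -v rpm >/dev/null 2>&1; then check_host || true; fi
```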
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2017-12481.html
       https://www.suse.com/security/cve/CVE-2017-12482.html
       https://www.suse.com/security/cve/CVE-2017-2807.html
       https://www.suse.com/security/cve/CVE-2017-2808.html
       https://bugzilla.suse.com/1052478
       https://bugzilla.suse.com/1052484
       https://bugzilla.suse.com/1105084
    