Source: ledgersmb
Version: 1.6.33+ds-2.1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil(a)debian.org, Debian Security Team <team(a)security.debian.org>
Control: found -1 1.6.9+ds-2+deb11u3
Hi,
The following vulnerability was published for ledgersmb.
CVE-2024-23831[0]:
| LedgerSMB is a free web-based double-entry accounting system. When a
| LedgerSMB database administrator has an active session in /setup.pl,
| an attacker can trick the admin into clicking on a link which
| automatically submits a request to setup.pl without the admin's
| consent. This request can be used to create a new user account with
| full application (/login.pl) privileges, leading to privilege
| escalation. The vulnerability is patched in versions 1.10.30 and
| 1.11.9.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-23831
    https://www.cve.org/CVERecord?id=CVE-2024-23831
[1] https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-q…
[2] https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c012…
Regards,
Salvatore
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:
Changelog for 1.9.28
* Fix deletion of parts groups (#7363)
* Align invoice/order entry between databases with and without parts (#7374)
For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.9.28/README.md
The release can be downloaded from our download site at
https://download.ledgersmb.org/f/Releases/1.9.28
The release can be downloaded from GitHub at
https://github.com/ledgersmb/LedgerSMB/releases/tag/1.9.28
Or pulled from the GitHub Container Registry
$ docker pull ghcr.io/ledgersmb/ledgersmb:1.9.28
Or pulled from Docker Hub using the command
$ docker pull ledgersmb/ledgersmb:1.9.28
These are the sha256 checksums of the uploaded files:
4b2c0c53de2d80f5fc5ec3f8ee3bea61e5624684ebb1c2d55b2c2472c904a5b4 ledgersmb-1.9.28.tar.gz
ccad27a8f22c25bbea0c5fdef564df325e9c202bd95af5713c4f8c14038b0f49 ledgersmb-1.9.28.tar.gz.asc
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:
Changelog for 1.9.29
* Fix regression since 1.9.27 upgrading old companies while renaming setting
* Fix selection of default AR/AP accounts while importing databases (#7419)
For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.9.29/README.md
The release can be downloaded from our download site at
https://download.ledgersmb.org/f/Releases/1.9.29
The release can be downloaded from GitHub at
https://github.com/ledgersmb/LedgerSMB/releases/tag/1.9.29
Or pulled from the GitHub Container Registry
$ docker pull ghcr.io/ledgersmb/ledgersmb:1.9.29
Or pulled from Docker Hub using the command
$ docker pull ledgersmb/ledgersmb:1.9.29
These are the sha256 checksums of the uploaded files:
feaf830ea206b8a0a20a0efab93a5c70ccf29f028bc28f7156b0484ec2f99609 ledgersmb-1.9.29.tar.gz
b49c86e9a6d37f528c4a884357bd9c4954fbdd6b7c27b41ea34c34c348d67d66 ledgersmb-1.9.29.tar.gz.asc
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:
Changelog for 1.11.11
* Fix 'not set up for hierarchy reporting' on Entity Account screen (#8065)
* Fix date format presentation misalignment with placeholder (#7983)
* Fix order of comparison periods in PNL and B/S (#7800)
* Fix handling of discounts in invoice API (#8030)
* Restore Hebrew 'nplurals' setting back to 4
* Enable scroll bars on setup(upgrade) data fix screens (#8071)
For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.11.11/README.md
The release can be downloaded from our download site at
https://download.ledgersmb.org/f/Releases/1.11.11
The release can be downloaded from GitHub at
https://github.com/ledgersmb/LedgerSMB/releases/tag/1.11.11
Docker images have been published for ARMv7 (32-bit),
ARM64 (also known as ARMv8, e.g. RPi 3+) and AMD64.
These can be pulled from the GitHub Container Registry
$ docker pull ghcr.io/ledgersmb/ledgersmb:1.11.11
Or pulled from Docker Hub using the command
$ docker pull ledgersmb/ledgersmb:1.11.11
These are the sha256 checksums of the uploaded files:
90d27fcff2815476a5c1c2e890f9f71c902c44d7279d7f30eee80ce1bfc4c47b ledgersmb-1.11.11.tar.gz
92f4a019079c97e0b679e0147cb9bf07ba5e776535a8dff262a32811e76048db ledgersmb-1.11.11.tar.gz.asc
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:
Changelog for 1.10.33
* Enable scroll bars on setup(upgrade) data fix screens (#8071)
* Fix 'not set up for hierarchy reporting' on Entity Account screen (#8056)
* Fix order of period comparisons in PNL and B/S (#7800)
* Fix recurring transactions after setup.pl CSRF mitigation (#8042)
* Revert Hebrew 'nplurals' back to 4
For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.10.33/README.md
The release can be downloaded from our download site at
https://download.ledgersmb.org/f/Releases/1.10.33
The release can be downloaded from GitHub at
https://github.com/ledgersmb/LedgerSMB/releases/tag/1.10.33
Docker images have been published for ARMv7 (32-bit),
ARM64 (also known as ARMv8, e.g. RPi 3+) and AMD64.
These can be pulled from the GitHub Container Registry
$ docker pull ghcr.io/ledgersmb/ledgersmb:1.10.33
Or pulled from Docker Hub using the command
$ docker pull ledgersmb/ledgersmb:1.10.33
These are the sha256 checksums of the uploaded files:
20ab27d7f8e55c60cd956cb2366428f74e7c7a3cd2d7fd96b2eefe3f72fe11b2 ledgersmb-1.10.33.tar.gz
c75769b050619102ad965233259ba0d525222736a35be55331e74297a32837ed ledgersmb-1.10.33.tar.gz.asc