Source: ledgersmb
Version: 1.6.33+ds-2.1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil(a)debian.org, Debian Security Team <team(a)security.debian.org>
Control: found -1 1.6.9+ds-2+deb11u3
Hi,
The following vulnerability was published for ledgersmb.
CVE-2024-23831[0]:
| LedgerSMB is a free web-based double-entry accounting system. When a
| LedgerSMB database administrator has an active session in /setup.pl,
| an attacker can trick the admin into clicking on a link which
| automatically submits a request to setup.pl without the admin's
| consent. This request can be used to create a new user account with
| full application (/login.pl) privileges, leading to privilege
| escalation. The vulnerability is patched in versions 1.10.30 and
| 1.11.9.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-23831
    https://www.cve.org/CVERecord?id=CVE-2024-23831
[1] https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-q…
[2] https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c012…
Regards,
Salvatore
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:
Changelog for 1.9.28
* Fix deletion of parts groups (#7363)
* Align invoice/order entry between databases with and without parts (#7374)
For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.9.28/README.md
The release can be downloaded from our download site at
https://download.ledgersmb.org/f/Releases/1.9.28
The release can be downloaded from GitHub at
https://github.com/ledgersmb/LedgerSMB/releases/tag/1.9.28
Or pulled from the GitHub Container Registry
$ docker pull ghcr.io/ledgersmb/ledgersmb:1.9.28
Or pulled from Docker Hub using the command
$ docker pull ledgersmb/ledgersmb:1.9.28
These are the sha256 checksums of the uploaded files:
4b2c0c53de2d80f5fc5ec3f8ee3bea61e5624684ebb1c2d55b2c2472c904a5b4 ledgersmb-1.9.28.tar.gz
ccad27a8f22c25bbea0c5fdef564df325e9c202bd95af5713c4f8c14038b0f49 ledgersmb-1.9.28.tar.gz.asc
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:
Changelog for 1.9.29
* Fix regression since 1.9.27 upgrading old companies while renaming setting
* Fix selection of default AR/AP accounts while importing databases (#7419)
For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.9.29/README.md
The release can be downloaded from our download site at
https://download.ledgersmb.org/f/Releases/1.9.29
The release can be downloaded from GitHub at
https://github.com/ledgersmb/LedgerSMB/releases/tag/1.9.29
Or pulled from the GitHub Container Registry
$ docker pull ghcr.io/ledgersmb/ledgersmb:1.9.29
Or pulled from Docker Hub using the command
$ docker pull ledgersmb/ledgersmb:1.9.29
These are the sha256 checksums of the uploaded files:
feaf830ea206b8a0a20a0efab93a5c70ccf29f028bc28f7156b0484ec2f99609 ledgersmb-1.9.29.tar.gz
b49c86e9a6d37f528c4a884357bd9c4954fbdd6b7c27b41ea34c34c348d67d66 ledgersmb-1.9.29.tar.gz.asc
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:
Changelog for 1.11.13
* Compatibility with Workflow 2.0 [to be released] (#8138)
* Fix recurring items re-using state of the original item (#8157)
* Fix download links at the bottom of the tax form report (#8164)
For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.11.13/README.md
The release can be downloaded from our download site at
https://download.ledgersmb.org/f/Releases/1.11.13
The release can be downloaded from GitHub at
https://github.com/ledgersmb/LedgerSMB/releases/tag/1.11.13
Or pulled from the GitHub Container Registry
$ docker pull ghcr.io/ledgersmb/ledgersmb:1.11.13
Or pulled from Docker Hub using the command
$ docker pull ledgersmb/ledgersmb:1.11.13
These are the sha256 checksums of the uploaded files:
7d4461112d90db7dc63786c924d4991693e3380e03d30a657e53250a27637c55 ledgersmb-1.11.13.tar.gz
03ecdf3e43909c7d028b1fd1ade2aa05e1ce08b330aec025d91b98f0b65d8965 ledgersmb-1.11.13.tar.gz.asc
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:
Changelog for 1.10.35
* Fix download links at the bottom of the tax form report (#8164)
For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.10.35/README.md
The release can be downloaded from our download site at
https://download.ledgersmb.org/f/Releases/1.10.35
The release can be downloaded from GitHub at
https://github.com/ledgersmb/LedgerSMB/releases/tag/1.10.35
Or pulled from the GitHub Container Registry
$ docker pull ghcr.io/ledgersmb/ledgersmb:1.10.35
Or pulled from Docker Hub using the command
$ docker pull ledgersmb/ledgersmb:1.10.35
These are the sha256 checksums of the uploaded files:
674c324902d826ce37e9750f3ff4deaffc56a895a19043304e62bdd46f6589f5 ledgersmb-1.10.35.tar.gz
c4a88630dd68c1e6f52b6a23d802ccde3a9228c5dda1f638006d4489759abd75 ledgersmb-1.10.35.tar.gz.asc
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:
Changelog for 1.11.12
* Fix download of attachments to reconciliations (#8088)
* Fix e-mailing of AR aging statements (#8111)
For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.11.12/README.md
The release can be downloaded from our download site at
https://download.ledgersmb.org/f/Releases/1.11.12
The release can be downloaded from GitHub at
https://github.com/ledgersmb/LedgerSMB/releases/tag/1.11.12
Or pulled from the GitHub Container Registry
$ docker pull ghcr.io/ledgersmb/ledgersmb:1.11.12
Or pulled from Docker Hub using the command
$ docker pull ledgersmb/ledgersmb:1.11.12
These are the sha256 checksums of the uploaded files:
067eaa68e6f8ea924bef5867be81ae254b2bac24943529fe7cffeaa2e8050a6c ledgersmb-1.11.12.tar.gz
c19b2b70fcdc3ebccb096c91c20c3644944143dd7367c4502b248ffd3ce8d1cf ledgersmb-1.11.12.tar.gz.asc
The LedgerSMB development team is happy to announce yet another new
version of its open source ERP and accounting application.
This release contains the following fixes and improvements:
Changelog for 1.10.34
* Fix e-mailing of AR aging statements (#8111)
For installation instructions and system requirements, see
https://github.com/ledgersmb/LedgerSMB/blob/1.10.34/README.md
The release can be downloaded from our download site at
https://download.ledgersmb.org/f/Releases/1.10.34
The release can be downloaded from GitHub at
https://github.com/ledgersmb/LedgerSMB/releases/tag/1.10.34
Or pulled from the GitHub Container Registry
$ docker pull ghcr.io/ledgersmb/ledgersmb:1.10.34
Or pulled from Docker Hub using the command
$ docker pull ledgersmb/ledgersmb:1.10.34
These are the sha256 checksums of the uploaded files:
355ea0dff65a6647e3e2137a1a1fa0018d6b81c1b6d923c6282d6f0d8417e094 ledgersmb-1.10.34.tar.gz
c5e19aee6c7e341f8ca24fa5c40e391cb015af9dfecb809cbe669a09339748b1 ledgersmb-1.10.34.tar.gz.asc