openSUSE-SU-2019:1895-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1895-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2019:1895-1
Upstream
Related
Published
2019-08-14T15:47:31Z
Modified
2025-05-07T18:09:31.652967Z
Summary
Security update for ledger
Details

This update for ledger fixes the following issues:

ledger was updated to 3.1.3:

  • Properly reject postings with a comment right after the flag (bug #1753)
  • Make sorting order of lot information deterministic (bug #1747)
  • Fix bug in tag value parsing (bug #1702)
  • Remove the org command, which was always a hack to begin with (bug #1706)
  • Provide Docker information in README
  • Various small documentation improvements

This also includes the update to 3.1.2:

  • Increase maximum length for regex from 255 to 4095 (bug #981)
  • Initialize periods from from/since clause rather than earliest transaction date (bug #1159)
  • Check balance assertions against the amount after the posting (bug #1147)
  • Allow balance assertions with multiple posts to same account (bug #1187)
  • Fix period duration of 'every X days' and similar statements (bug #370)
  • Make option --force-color not require --color anymore (bug #1109)
  • Add quoted_rfc4180 to allow CVS output with RFC 4180 compliant quoting.
  • Add support for --prepend-format in accounts command
  • Fix handling of edge cases in trim function (bug #520)
  • Fix auto xact posts not getting applied to account total during journal parse (bug #552)
  • Transfer null_post flags to generated postings
  • Fix segfault when using --market with --group-by
  • Use amount_width variable for budget report
  • Keep pending items in budgets until the last day they apply
  • Fix bug where .total used in value expressions breaks totals
  • Make automated transactions work with assertions (bug #1127)
  • Improve parsing of date tokens (bug #1626)
  • Don't attempt to invert a value if it's already zero (bug #1703)
  • Do not parse user-specified init-file twice
  • Fix parsing issue of effective dates (bug #1722, TALOS-2017-0303, CVE-2017-2807)
  • Fix use-after-free issue with deferred postings (bug #1723, TALOS-2017-0304, CVE-2017-2808)
  • Fix possible stack overflow in option parsing routine (bug #1222, CVE-2017-12481)
  • Fix possible stack overflow in date parsing routine (bug #1224, CVE-2017-12482)
  • Fix use-after-free when using --gain (bug #541)
  • Python: Removed double quotes from Unicode values.
  • Python: Ensure that parse errors produce useful RuntimeErrors
  • Python: Expose journal expand_aliases
  • Python: Expose journalt::registeraccount
  • Improve bash completion
  • Emacs Lisp files have been moved to https://github.com/ledger/ledger-mode
  • Various documentation improvements

This update was imported from the openSUSE:Leap:15.0:Update update project.

References

Affected packages

SUSE:Package Hub 15 SP1 / ledger

Package

Name
ledger
Purl
pkg:rpm/suse/ledger&distro=SUSE%20Package%20Hub%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.3-bp151.4.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "ledger": "3.1.3-bp151.4.3.1"
        }
    ]
}