[ubuntu/focal-security] ledgersmb 1.6.9+ds-1ubuntu0.1 (Accepted)
Paulo Flabiano Smorigo
pfsmorigo at canonical.com
Wed Sep 29 13:50:28 UTC 2021
ledgersmb (1.6.9+ds-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Cross-site Scripting
    - debian/patches/1.6-cve-2021-3693.patch: Fix display of search results
      and bulk-posting payments.
    - debian/patches/1.6-cve-2021-3693-regression.patch: Fix regression for
      failing to show errors as popups and broken downloads of backups.
    - debian/patches/1.6-cve-2021-3694.patch: Use escape_html to avoid
      specially crafted URL.
    - CVE-2021-3693
    - CVE-2021-3694
  * SECURITY UPDATE: Clickjacking
    - debian/patches/1.6-cve-2021-3731.patch: Set Content-Security-Policy for
      the header.
    - CVE-2021-3731

Date: 2021-09-28 15:00:47.059492+00:00
Changed-By: Paulo Flabiano Smorigo <pfsmorigo at canonical.com>
https://launchpad.net/ubuntu/+source/ledgersmb/1.6.9+ds-1ubuntu0.1