[ubuntu/hirsute-updates] ledgersmb 1.6.9+ds-2ubuntu0.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Wed Sep 29 14:28:12 UTC 2021
ledgersmb (1.6.9+ds-2ubuntu0.1) hirsute-security; urgency=medium
* SECURITY UPDATE: Cross-site Scripting
- debian/patches/1.6-cve-2021-3693.patch: Fix display of search results
and bulk-posting payments.
- debian/patches/1.6-cve-2021-3693-regression.patch: Fix regression for
failing to show errors as popups and broken downloads of backups.
- debian/patches/1.6-cve-2021-3694.patch: Use escape_html to avoid
specially crafted URL.
- CVE-2021-3693
- CVE-2021-3694
* SECURITY UPDATE: Clickjacking
- debian/patches/1.6-cve-2021-3731.patch: Set Content-Security-Policy for
the header.
- CVE-2021-3731
Date: 2021-09-28 15:02:09.843819+00:00
Changed-By: Paulo Flabiano Smorigo <pfsmorigo at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/ledgersmb/1.6.9+ds-2ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Hirsute-changes
mailing list