[ubuntu/noble-updates] ledgersmb 1.6.33+ds-2.1ubuntu0.1 (Accepted)

Thu Jul 17 15:59:05 UTC 2025

ledgersmb (1.6.33+ds-2.1ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: No origin check for HTML fragments
    - debian/patches/CVE-2021-3693.patch: Fix regression of errors not
      creating pop-ups
    - CVE-2021-3693
  * SECURITY UPDATE: Missing secure attribute over HTTPS
    - debian/patches/CVE-2021-3882.patch: Use HTTPS environment setting
      to detect https connections
    - CVE-2021-3882
  * SECURITY UPDATE: Privilege escalation
    - debian/patches/CVE-2024-23831.patch: Fix missing CSRF mitigation
    - CVE-2024-23831

Date: 2025-07-15 17:50:35.999042+00:00
Changed-By: John Breton <john.breton at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/ledgersmb/1.6.33+ds-2.1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.