{"affected":[{"ecosystem_specific":{"binaries":[{"ledger":"3.1.3-bp151.4.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP1","name":"ledger","purl":"pkg:rpm/suse/ledger&distro=SUSE%20Package%20Hub%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.1.3-bp151.4.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ledger fixes the following issues:\n\nledger was updated to 3.1.3:\n\n+ Properly reject postings with a comment right after the flag (bug #1753)\n+ Make sorting order of lot information deterministic (bug #1747)\n+ Fix bug in tag value parsing (bug #1702)\n+ Remove the org command, which was always a hack to begin with (bug #1706)\n+ Provide Docker information in README\n+ Various small documentation improvements \n\nThis also includes the update to 3.1.2:\n\n+ Increase maximum length for regex from 255 to 4095 (bug #981)\n+ Initialize periods from from/since clause rather than earliest \n  transaction date (bug #1159)\n+ Check balance assertions against the amount after the posting (bug #1147)\n+ Allow balance assertions with multiple posts to same account (bug #1187)\n+ Fix period duration of 'every X days' and similar statements (bug #370)\n+ Make option --force-color not require --color anymore (bug #1109)\n+ Add quoted_rfc4180 to allow CVS output with RFC 4180 compliant quoting.\n+ Add support for --prepend-format in accounts command\n+ Fix handling of edge cases in trim function (bug #520)\n+ Fix auto xact posts not getting applied to account total during \n  journal parse (bug #552)\n+ Transfer null_post flags to generated postings\n+ Fix segfault when using --market with --group-by\n+ Use amount_width variable for budget report\n+ Keep pending items in budgets until the last day they apply\n+ Fix bug where .total used in value expressions breaks totals\n+ Make automated transactions work with assertions (bug #1127)\n+ Improve parsing of date tokens (bug #1626)\n+ Don't attempt to invert a value if it's already zero (bug #1703)\n+ Do not parse user-specified init-file twice\n+ Fix parsing issue of effective dates \n  (bug #1722, TALOS-2017-0303, CVE-2017-2807)\n+ Fix use-after-free issue with deferred postings \n  (bug #1723, TALOS-2017-0304, CVE-2017-2808)\n+ Fix possible stack overflow in option parsing routine \n  (bug #1222, CVE-2017-12481)\n+ Fix possible stack overflow in date parsing routine \n  (bug #1224, CVE-2017-12482)\n+ Fix use-after-free when using --gain (bug #541)\n+ Python: Removed double quotes from Unicode values.\n+ Python: Ensure that parse errors produce useful RuntimeErrors\n+ Python: Expose journal expand_aliases\n+ Python: Expose journal_t::register_account\n+ Improve bash completion\n+ Emacs Lisp files have been moved to https://github.com/ledger/ledger-mode\n+ Various documentation improvements\n\nThis update was imported from the openSUSE:Leap:15.0:Update update project.","id":"openSUSE-SU-2019:1895-1","modified":"2019-08-14T15:47:31Z","published":"2019-08-14T15:47:31Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EZUJ46TYCWE2TE7FRC3IOXNICT5SPVVM/#EZUJ46TYCWE2TE7FRC3IOXNICT5SPVVM"},{"type":"REPORT","url":"https://bugzilla.suse.com/1052478"},{"type":"REPORT","url":"https://bugzilla.suse.com/1052484"},{"type":"REPORT","url":"https://bugzilla.suse.com/1105084"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12481"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12482"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-2807"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-2808"}],"related":["CVE-2017-12481","CVE-2017-12482","CVE-2017-2807","CVE-2017-2808"],"summary":"Security update for ledger","upstream":["CVE-2017-12481","CVE-2017-12482","CVE-2017-2807","CVE-2017-2808"]}