Debian Package Tracker

ledgersmb

financial accounting and ERP program

general
  • source: ledgersmb (main)
  • version: 1.6.33+ds-2.1
  • maintainer: LedgerSMB Core Team (DMD)
  • uploaders: Robert James Clay [DMD] – Erik Huelsmann [DMD]
  • arch: all
  • std-ver: 4.3.0
  • VCS: Git (Browse)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1.6.9+ds-2+deb11u3
  • o-o-sec: 1.6.9+ds-2+deb11u3
  • oldstable: 1.6.33+ds-2.1
versioned links
  • 1.6.9+ds-2+deb11u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.6.33+ds-2.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • ledgersmb
package is gone
This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.
action needed
1 security issue in sid (high)

There is 1 open security issue in sid.

1 important issue:
  • CVE-2024-23831: LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.
Created: 2024-02-03 Last update: 2025-08-10 06:32
1 security issue in trixie (high)

There is 1 open security issue in trixie.

1 important issue:
  • CVE-2024-23831: LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.
Created: 2024-02-03 Last update: 2024-08-15 08:30
1 low-priority security issue in bookworm (low)

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:
  • CVE-2024-23831: (needs triaging) LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.

You can find information about how to handle this issue in the security team's documentation.

Created: 2024-02-03 Last update: 2026-01-18 18:30
news
  • [2026-01-18] Removed 1.6.33+ds-2.2 from unstable (Debian FTP Masters)
  • [2024-11-17] ledgersmb REMOVED from testing (Debian testing watch)
  • [2024-05-30] ledgersmb 1.6.33+ds-2.2 MIGRATED to testing (Debian testing watch)
  • [2024-05-25] Accepted ledgersmb 1.6.33+ds-2.2 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
  • [2022-10-20] ledgersmb 1.6.33+ds-2.1 MIGRATED to testing (Debian testing watch)
  • [2022-10-15] Accepted ledgersmb 1.6.33+ds-2.1 (source) into unstable (Michael Biebl)
  • [2022-06-07] Accepted ledgersmb 1.6.33+ds-2~bpo11+1 (source all) into bullseye-backports, bullseye-backports (Debian FTP Masters) (signed by: Mattia Rizzolo)
  • [2022-04-14] ledgersmb 1.6.33+ds-2 MIGRATED to testing (Debian testing watch)
  • [2022-04-09] Accepted ledgersmb 1.6.33+ds-2 (source) into unstable (Erik Hulsmann) (signed by: Mattia Rizzolo)
  • [2022-01-29] ledgersmb 1.6.33+ds-1 MIGRATED to testing (Debian testing watch)
  • [2022-01-23] Accepted ledgersmb 1.6.33+ds-1 (source) into unstable (Erik Hulsmann) (signed by: Mattia Rizzolo)
  • [2021-09-07] ledgersmb 1.6.9+ds-2.1 MIGRATED to testing (Debian testing watch)
  • [2021-09-02] Accepted ledgersmb 1.6.9+ds-1+deb10u3 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
  • [2021-09-02] Accepted ledgersmb 1.6.9+ds-2+deb11u3 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
  • [2021-09-01] Accepted ledgersmb 1.6.9+ds-2.1 (source) into unstable (Mattia Rizzolo)
  • [2021-08-31] Accepted ledgersmb 1.6.9+ds-2+deb11u3 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
  • [2021-08-31] Accepted ledgersmb 1.6.9+ds-1+deb10u3 (source) into oldstable->embargoed, oldstable (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
  • [2021-08-27] Accepted ledgersmb 1.6.9+ds-1+deb10u2 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
  • [2021-08-27] Accepted ledgersmb 1.6.9+ds-1+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
  • [2021-08-27] Accepted ledgersmb 1.6.9+ds-2+deb11u2 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
  • [2021-08-27] Accepted ledgersmb 1.6.9+ds-2+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
  • [2021-08-23] Accepted ledgersmb 1.6.9+ds-2+deb11u2 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
  • [2021-08-23] Accepted ledgersmb 1.6.9+ds-2+deb11u1 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
  • [2021-08-23] Accepted ledgersmb 1.6.9+ds-1+deb10u1 (source) into oldstable->embargoed, oldstable (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
  • [2021-08-23] Accepted ledgersmb 1.6.9+ds-1+deb10u2 (source) into oldstable->embargoed, oldstable (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
  • [2021-02-23] ledgersmb 1.6.9+ds-2 MIGRATED to testing (Debian testing watch)
  • [2021-02-12] Accepted ledgersmb 1.6.9+ds-2 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
  • [2021-02-01] ledgersmb 1.6.9+ds-1 MIGRATED to testing (Debian testing watch)
  • [2020-12-17] ledgersmb REMOVED from testing (Debian testing watch)
  • [2019-01-01] ledgersmb 1.6.9+ds-1 MIGRATED to testing (Debian testing watch)
bugs
  • all: 0
links
  • homepage
  • buildd: logs
  • popcon
  • browse source code
  • other distros
  • security tracker
  • screenshots
ubuntu
  • version: 1.6.33+ds-2.2ubuntu1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers