Security update for ledger (moderate)

An update that fixes four vulnerabilities is now available.

Description:

This update for ledger fixes the following issues:

ledger was updated to 3.1.3:

• Properly reject postings with a comment right after the flag (bug #1753)
• Make sorting order of lot information deterministic (bug #1747)
• Fix bug in tag value parsing (bug #1702)
• Remove the org command, which was always a hack to begin with (bug #1706)
• Provide Docker information in README
• Various small documentation improvements

This also includes the update to 3.1.2:

• Increase maximum length for regex from 255 to 4095 (bug #981)
• Initialize periods from from/since clause rather than earliest
  transaction date (bug #1159)
• Check balance assertions against the amount after the posting (bug #1147)
• Allow balance assertions with multiple posts to same account (bug #1187)
• Fix period duration of “every X days” and similar statements (bug #370)
• Make option --force-color not require --color anymore (bug #1109)
• Add quoted_rfc4180 to allow CVS output with RFC 4180 compliant quoting.
• Add support for --prepend-format in accounts command
• Fix handling of edge cases in trim function (bug #520)
• Fix auto xact posts not getting applied to account total during journal
  parse (bug #552)
• Transfer null_post flags to generated postings
• Fix segfault when using --market with --group-by
• Use amount_width variable for budget report
• Keep pending items in budgets until the last day they apply
• Fix bug where .total used in value expressions breaks totals
• Make automated transactions work with assertions (bug #1127)
• Improve parsing of date tokens (bug #1626)
• Don’t attempt to invert a value if it’s already zero (bug #1703)
• Do not parse user-specified init-file twice
• Fix parsing issue of effective dates (bug #1722, TALOS-2017-0303,
  CVE-2017-2807)
• Fix use-after-free issue with deferred postings (bug #1723,
  TALOS-2017-0304, CVE-2017-2808)
• Fix possible stack overflow in option parsing routine (bug #1222,
  CVE-2017-12481)
• Fix possible stack overflow in date parsing routine (bug #1224,
  CVE-2017-12482)
• Fix use-after-free when using --gain (bug #541)
• Python: Removed double quotes from Unicode values.
• Python: Ensure that parse errors produce useful RuntimeErrors
• Python: Expose journal expand_aliases
• Python: Expose journal_t::register_account
• Improve bash completion
• Emacs Lisp files have been moved to https://github.com/ledger/ledger-mode
• Various documentation improvements

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Leap 15.1:

  zypper in -t patch openSUSE-2019-1779=1

• openSUSE Leap 15.0:

  zypper in -t patch openSUSE-2019-1779=1