Format: 1.8
Date: Wed, 03 Apr 2019 17:29:15 +0200
Source: tryton-server
Binary: tryton-server tryton-server-doc
Architecture: source all
Version: 5.0.4-2
Distribution: unstable
Urgency: high
Maintainer: Debian Tryton Maintainers <team+tryton-team@tracker.debian.org>
Changed-By: Mathias Behrle <mathiasb@m9s.biz>
Description:
 tryton-server - Tryton Application Platform (Server)
 tryton-server-doc - Tryton Application Platform (Server Documentation)
Changes:
 tryton-server (5.0.4-2) unstable; urgency=high
 .
   * Add 03_sec_issue8189_check_read_access_on_search_order.patch for
     CVE-2019-10868.
     This patch fixes security issue http://bugs.tryton.org/issue8189:
     Check read access on field in search_order.
     An authenticated user can order records based on a field for which he has
     no access right. This may allow the user to guess values.
     See also https://discuss.tryton.org/t/security-release-for-issue8189/
Comment: Signed by Mathias Behrle