-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 25 Nov 2025 12:32:14 +0100
Source: tryton-server
Architecture: source
Version: 7.0.30-1+deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Debian Tryton Maintainers <team+tryton-team@tracker.debian.org>
Changed-By: Mathias Behrle <mathiasb@m9s.biz>
Changes:
tryton-server (7.0.30-1+deb13u1) trixie-security; urgency=high
.
* Add 03_traceback_in_RPC.patch,
04_enforce_access_check_html_editor.patch,
05_enforce_access_check_export_data.patch
.
Fixes for security issues:
.
Enforce access check in HTML editor route
https://bugs.debian.org/1121241 (s.a. #1121241)
-> https://foss.heptapod.net/tryton/tryton/-/issues/14364
.
Include the traceback only in RPC responses in development mode
https://bugs.debian.org/1121242 (s.a. #1121242)
-> https://foss.heptapod.net/tryton/tryton/-/issues/14354
.
Enforce access check in export_data
https://bugs.debian.org/1121243 (s.a. #1121243)
-> https://foss.heptapod.net/tryton/tryton/-/issues/14366
Checksums-Sha1:
b7c76c59721bc0719991df3814b14628d3d810f2 2703 tryton-server_7.0.30-1+deb13u1.dsc
48aa67a8550d79e2f0705276234bf975165f9b79 978441 tryton-server_7.0.30.orig.tar.gz
7a7c59a785ddb5faa062bbb71a38c63575b47dd4 55728 tryton-server_7.0.30-1+deb13u1.debian.tar.xz
f9997ff9559fd32779ffcac765ccb8666831359a 10709 tryton-server_7.0.30-1+deb13u1_amd64.buildinfo
Checksums-Sha256:
9ab6d70dcf9e1d3647ae8235c2c64bc79dfe3795c70c9fd5f3e61902e6df56d8 2703 tryton-server_7.0.30-1+deb13u1.dsc
2db3ad0b436145f8a76118d8f304d60e95a1d45ce942a1a2cd7565c321759250 978441 tryton-server_7.0.30.orig.tar.gz
ce13e15d6a01eff0c915d2b0d498822a2f4a814f5572995b0b7316969e38f12b 55728 tryton-server_7.0.30-1+deb13u1.debian.tar.xz
bedca2572255f0a868439547c3a8d03d6f15251b4fecb1d35cf5327535b35ea9 10709 tryton-server_7.0.30-1+deb13u1_amd64.buildinfo
Files:
6f0bac13175627b47243223226b268a3 2703 python optional tryton-server_7.0.30-1+deb13u1.dsc
4304bb28ef02bf93157e01b815e36c10 978441 python optional tryton-server_7.0.30.orig.tar.gz
c9e21a1860a0bd9a4a7e83f0d5a7ccea 55728 python optional tryton-server_7.0.30-1+deb13u1.debian.tar.xz
609718080cbad5dbce5b9a058eb6972d 10709 python optional tryton-server_7.0.30-1+deb13u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
Comment: Signed by Mathias Behrle
iQJFBAEBCgAvFiEErCl+XEa50LYccXaB1tCb5IQFu/YFAmkllfgRHG1hdGhpYXNi
QG05cy5iaXoACgkQ1tCb5IQFu/ZdHA//WUyp+D0SHlJpiwhzuHODHtO1h8TiKqPX
dVTkMulbCYU5uXNc+Hc5rKyHIwjiAqSFJ8wOqCloFwvVDKWN6izbD4kkNC8xSG1T
nWDV77N4dqvdRb8pD5tdXlWWByVNwIrQpR3AX82vuLLRbozb1dTZClozUV3jViha
sg6c5tTkS2IkcFJ6mdqijXC0q7UPieWVbiwM6EPE8TNZeETEnpGn2Q0rGLf4f6ee
I4MyJFgI+gajsvn2RpltJaL/382dnqgiPz7r170HYrc25RxeQGUw4Q2fWS6lMTe/
418LvBCQbXgRaZGq8hn/k79Gw7EKAJjjo/SpgUbKG+Ej9s6ti64rlyjq6qBPTeS1
uPKovkG3qDe4FoKMELWi69mfodyPSYzP1XIo4P+ykDRiocR5YR/kvVDlDtjnx3Sb
brgk9r2FPaOYa+rn6bA33Os8jfIivhjXtFZfPgoqJuwQuWbnytjyg24iMfLkQhGh
SOqXnTvNsV9qV4CSWe31Ic1oLnF7G0NDcdn9EVzLhfTxMMKczp7mlddoYYU2FR5A
koOQuNrYuByJ4aAcs2Pob3wGQK0v56Mubvu2zZrea23sK1uH21obTvl/FCrccCw+
y9qFy7AsdcD6Xcb8RZWyHuEMcUkiIQ+VKgQRB2z3ZNo7DSwqToQ5So+Czrz3vS4C
QKprG2SttcE=
=w3/4
-----END PGP SIGNATURE-----
