Accepted tryton-server 3.4.0-3+deb8u3 (source all) into proposed-updates->stable-new, proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted tryton-server 3.4.0-3+deb8u3 (source all) into proposed-updates->stable-new, proposed-updates
From: Mathias Behrle <mathiasb@m9s.biz>
Date: Sat, 08 Apr 2017 15:32:15 +0000
Message-id: <[🔎] E1cwsLX-000HRd-Ru@fasolo.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 28 Mar 2017 12:28:15 +0200
Source: tryton-server
Binary: tryton-server tryton-server-doc
Architecture: source all
Version: 3.4.0-3+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Debian Tryton Maintainers <maintainers@debian.tryton.org>
Changed-By: Mathias Behrle <mathiasb@m9s.biz>
Description:
 tryton-server - Tryton Application Platform (Server)
 tryton-server-doc - Tryton Application Platform (Server Documentation)
Changes:
 tryton-server (3.4.0-3+deb8u3) jessie-security; urgency=high
 .
   * Add 05_CVE-2017-0360_sanitize_file_open.patch (CVE-2017-0360).
     Sanitize path in file_open against suffix.
     The patch for CVE-2016-1242 did not cover all cases. Indeed there
     is a case where an external file could be retrieved if it is stored in a
     folder next to the root of trytond starting with the same name but
     with a suffix. Example: '../trytond_suffix'.
Checksums-Sha1:
 92bf5cbfeca11a20408180630f6bf6ebfc757cc6 2201 tryton-server_3.4.0-3+deb8u3.dsc
 86a2269dfe9d97c90fc093f77fea4ac93624237b 31020 tryton-server_3.4.0-3+deb8u3.debian.tar.xz
 f8e9cc1f5f5497130180988cb5cb2abd6e568336 318000 tryton-server_3.4.0-3+deb8u3_all.deb
 dd7e2f9b8645ea04dd667d0e8315a42982f0e2b6 104828 tryton-server-doc_3.4.0-3+deb8u3_all.deb
Checksums-Sha256:
 a000332fdf67ccef8327e90b3ca0a5882d825a4a9531ac6011c0d8f833e933a9 2201 tryton-server_3.4.0-3+deb8u3.dsc
 151813d7a66acfa95b8f34e4bbc42b89377b725ab119c85975ebb98fad41ab67 31020 tryton-server_3.4.0-3+deb8u3.debian.tar.xz
 660ebc1e4fdd740014d6ef44fc05ee99f8bbc9b9b8fe740da408f21bcc149373 318000 tryton-server_3.4.0-3+deb8u3_all.deb
 41f92063d9eadcd2d8203ce2a9253cfefd657cc622348237196576df4fc462ef 104828 tryton-server-doc_3.4.0-3+deb8u3_all.deb
Files:
 2b7738efc0c911516a75ff05f86c0948 2201 python optional tryton-server_3.4.0-3+deb8u3.dsc
 2d0f67b9912c9d72001f97a4a56376e8 31020 python optional tryton-server_3.4.0-3+deb8u3.debian.tar.xz
 a9f0b4b107172810dee4de9f57d9a02f 318000 python optional tryton-server_3.4.0-3+deb8u3_all.deb
 fde0c0fb2dabf5e17452e9de12e702a9 104828 doc optional tryton-server-doc_3.4.0-3+deb8u3_all.deb

-----BEGIN PGP SIGNATURE-----
Comment: Signed by Mathias Behrle

iQJFBAEBCgAvFiEErCl+XEa50LYccXaB1tCb5IQFu/YFAljaO4oRHG1hdGhpYXNi
QG05cy5iaXoACgkQ1tCb5IQFu/bcQxAAlqPvTojJXM8sUd1Tg8acq9sc/cbx+kNu
HH3e5dIXlpYTSV2UBnrQhr5VoppgXfhwbmjj5Kek2EY1EWhY9PPj5v3pouEK43Ri
LRNLKaUYRu0GY3/PL0NVHIK4qUHDR1lrM5GQWZEGxO1wPTL4qyvm9KarPqxj17eL
CyK2DSrKEjYMtOsBa6k+A/J0/nvx75q8M2HPm8CM5JhSCrF5ZqeCLreJUrrrXOsj
X7G0tsshazNR49keo+5GdxFP7yqfz9F/QEaKgW4iwjDkgVQEwa7nnuioQT4LlwXd
/OIzM/zmwsq36Rdg3vzUPICleJHhXISAWaqYWWmFw3poT7AulsbZ9kHvZw2M+m0d
50xkwzn+GbBc42wJaW06Qv3RJS/BcDAUZUPwxEtSEPk9tvI1RPd5Qiy3gzksrPUf
DwhQFbAbS/P41oz8Cya/P+IY3SQ1v357Ug2v/IhCmlzs1QWAYPNXZ4AoYZLVXPmm
VNv/cTiNs30zuhFZXo1mGhdJ6EKr2yxbdtsopESDMegCxlSwH1kmO2vwwnVoAxY1
9kWwcxuQcgK2wene5cavAYcMmfgbKfqk1cnG2Kb1RPsIPdwKU7AHMXqorRQtURMI
7jnTEwaUsceGiDI/MWn4QvC9TM/a6sJTJT0vEMHEIAo0gTX5LHgZykSxQClOu6Vu
5Tl7kSCKi2A=
=cD1y
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted tzdata 2017b-0+deb8u1 (source all) into proposed-updates->stable-new, proposed-updates
Next by Date: Accepted nvidia-graphics-drivers 340.102-1 (source) into proposed-updates->stable-new, proposed-updates
Previous by thread: Accepted tzdata 2017b-0+deb8u1 (source all) into proposed-updates->stable-new, proposed-updates
Next by thread: Accepted nvidia-graphics-drivers 340.102-1 (source) into proposed-updates->stable-new, proposed-updates
Index(es):
- Date
- Thread