
Accepted tryton-server 4.2.1-2 (source all) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 28 Mar 2017 11:51:14 +0200
Source: tryton-server
Binary: tryton-server tryton-server-doc
Architecture: source all
Version: 4.2.1-2
Distribution: unstable
Urgency: high
Maintainer: Debian Tryton Maintainers <maintainers@debian.tryton.org>
Changed-By: Mathias Behrle <mathiasb@m9s.biz>
Description:
 tryton-server - Tryton Application Platform (Server)
 tryton-server-doc - Tryton Application Platform (Server Documentation)
Changes:
 tryton-server (4.2.1-2) unstable; urgency=high
 .
   * Add 02_CVE-2017-0360_sanitize_file_open.patch (CVE-2017-0360).
     Sanitize path in file_open against suffix.
     The patch for CVE-2016-1242 did not cover all cases. Indeed there is a
     case where an external file could be retrieved if it is stored in a folder
     next to the root of trytond starting with the same name but with a suffix.
     Example: '../trytond_suffix'.
Files:
 357bce81763e16d4235c08be54cc7db0 2295 python optional tryton-server_4.2.1-2.dsc
 bd47371971aaee0d4c1e4cc75f18bfe7 41028 python optional tryton-server_4.2.1-2.debian.tar.xz
 8e676dbb5449095c455797cf8a1ec2d4 122258 doc optional tryton-server-doc_4.2.1-2_all.deb
 883adda6430b508956164292148c892c 364566 python optional tryton-server_4.2.1-2_all.deb
 fb7b94b0d343a9060b82df09c259a35e 7728 python optional tryton-server_4.2.1-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
Comment: Signed by Mathias Behrle
-----END PGP SIGNATURE-----
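
The changelog entry above describes a path check that a sibling directory can pass when its name starts with the root's name ('../trytond_suffix'). The Python sketch below is an added example of that class of flaw beside a stricter check; it is not the Debian patch or trytond's own code, and the root path, file names and function names are constructed for illustration.

```python
import os.path

# Constructed root directory for the example; not a path taken from the package.
ROOT = "/srv/app/trytond"


def _resolve(root, name):
    # normpath collapses ".." lexically; it does not resolve symlinks.
    # On a real filesystem os.path.realpath would be applied to both sides.
    return os.path.normpath(os.path.join(root, name))


def is_inside_prefix_only(root, name):
    """Weak check: plain string prefix test on the normalised path."""
    return _resolve(root, name).startswith(os.path.normpath(root))


def is_inside(root, name):
    """Stricter check: the path is the root itself or lies below root + separator."""
    root = os.path.normpath(root)
    path = _resolve(root, name)
    return path == root or path.startswith(root + os.sep)


def is_inside_commonpath(root, name):
    """Equivalent check by path components instead of characters."""
    root = os.path.normpath(root)
    return os.path.commonpath([root, _resolve(root, name)]) == root


def audit(names, root=ROOT):
    """Return (name, weak_result, strict_result) for each requested name."""
    return [(n, is_inside_prefix_only(root, n), is_inside(root, n)) for n in names]


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        "ir/ui/menu.xml",                 # legitimate file below the root
        "../../etc/passwd",               # classic traversal, caught by both checks
        "../trytond_suffix/secret.conf",  # sibling folder sharing the root's name as prefix
        "/etc/passwd",                    # absolute name replaces the root in os.path.join
    ]
    for name, weak, strict in audit(samples):
        print(f"{name!r:40} prefix-only={weak!s:5} strict={strict}")
```

Only the third sample differs between the two checks: the prefix-only test accepts it because "/srv/app/trytond_suffix/..." begins with the characters of the root.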

