Accepted tryton-server 5.0.4-2 (source all) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 03 Apr 2019 17:29:15 +0200
Source: tryton-server
Binary: tryton-server tryton-server-doc
Architecture: source all
Version: 5.0.4-2
Distribution: unstable
Urgency: high
Maintainer: Debian Tryton Maintainers <team+tryton-team@tracker.debian.org>
Changed-By: Mathias Behrle <mathiasb@m9s.biz>
Description:
tryton-server - Tryton Application Platform (Server)
tryton-server-doc - Tryton Application Platform (Server Documentation)
Changes:
tryton-server (5.0.4-2) unstable; urgency=high
.
* Add 03_sec_issue8189_check_read_access_on_search_order.patch
for CVE-2019-10868.
This patch fixes security issue http://bugs.tryton.org/issue8189:
Check read access on field in search_order.
An authenticated user can order records based on a field for which
he has no access right. This may allow the user to guess values.
See also https://discuss.tryton.org/t/security-release-for-issue8189/
Checksums-Sha1:
a7900dc95f55d4a9c18bfa1e5c5427e9bfaff490 2628 tryton-server_5.0.4-2.dsc
55985872ccc51538cf66340f112fab2fa2222562 30668 tryton-server_5.0.4-2.debian.tar.xz
cfe216e436c1b20f99fe9c1603a30832be7e573c 146200 tryton-server-doc_5.0.4-2_all.deb
754ea503fb157a90b8a5633a9f838d78f6bcf7eb 401780 tryton-server_5.0.4-2_all.deb
b156a1fb4200d8c958336699ccc2f13907a54792 8148 tryton-server_5.0.4-2_amd64.buildinfo
Checksums-Sha256:
bffad366dccbb2229ad080f1c404fd79a01a78a896fb4e3dd1c22ee74c596403 2628 tryton-server_5.0.4-2.dsc
7fce5b1e52925b6fe10b613b9f8ec2e2570a1f31a92bcc4116b385deff570d1d 30668 tryton-server_5.0.4-2.debian.tar.xz
235c7d76d9c139ae48df8700e9212b006bd32868566dfda3772c67399513b87a 146200 tryton-server-doc_5.0.4-2_all.deb
b8e728e0307335aeb0ca2d5dddcbac313475b58e9e30591c101af0c3ab8b5bbe 401780 tryton-server_5.0.4-2_all.deb
277697a4a5712fdf112b8564fe2ed53cebd52943ca98506d799047121988c82f 8148 tryton-server_5.0.4-2_amd64.buildinfo
Files:
2b86e06a54417af5e36107e07ced2caf 2628 python optional tryton-server_5.0.4-2.dsc
6db628dd11ed03f82bdb44a216e3de1d 30668 python optional tryton-server_5.0.4-2.debian.tar.xz
cc3f21a0d15fc81ace15bee9fde5c780 146200 doc optional tryton-server-doc_5.0.4-2_all.deb
468a068235a8ab1f1b0458d5720a91b9 401780 python optional tryton-server_5.0.4-2_all.deb
63c1325b27e65bcc90261afca6656721 8148 python optional tryton-server_5.0.4-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
Comment: Signed by Mathias Behrle
iQJFBAEBCgAvFiEErCl+XEa50LYccXaB1tCb5IQFu/YFAlynGIMRHG1hdGhpYXNi
QG05cy5iaXoACgkQ1tCb5IQFu/bdPBAAlZIVMoNaue8X7aPY8hkGyq9DynHGANtZ
8yzMyPXlx1I5ZLTn/KItbDczW0qPnLSd7pe8Lk8B9l7f3PeKUVIZTttEmWFgc2Zk
At/X5KvIuGc2wU1b6KqkljHt8fbabLIpmPpAlfAQYUpODDmZkkL9rcwbsB8ZDxNQ
Mj0J2WhQpjVGTdoJyFPLeAg3YdisYu7pVi6tRNlzPKq/xVMMYS1SRZ0g3B7dEZBh
prrieaUH0ZmMgaS1OgI403OcTre5ExCTjYFCLcXcgAwSUJPzGZn4a90GhKwEasbC
ZJj9VlfQBFFRHAFi7OMZY47EZLj6URuS8BfIUCG275YStNT4EPjPlniVLdjKl3to
g+lYPX/Oi91plBcbI5p1nUP2PYR+yI+NGEQb5Z75AbUh3qRsC3KSd4m830zUC/Eo
HI1g/C0XRZOqLxH9J4x5DwoLJTwMJbVSE1ewZj/IpNFLyLkzu/xZMsnDIu2Yd0IY
s5rw41CJgFRqzjoDclKP9Xvs6pFwvgBBIXKyeC0VTQHO6P+tDezYvr0B4UFI4Psw
yuDQ/sDIrGu1b8+XWC9g1HzpCyZbLX4aOzHxwWyyZzvlGFsM3Rrz1uRNMPmlJhoS
jWSuyuzi5nPY6G/VoXEh+SIbQQzvVPosI6krWNxx8MZz2alyudqVC2Q3+F34deke
rqxIfEzmL9Y=
=K4ot
-----END PGP SIGNATURE-----
Reply to: