Package        : tryton-server
Version        : 1.6.1-2+squeeze2
CVE ID         : CVE-2014-6633

duesenfranz discovered that safe_eval in trytond could be used to execute arbitrary commands, mainly via the webdav interface. The patches applied do not allow double underscores in safe_eval and avoid double evaluation from inherit with a different model.
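
The double-underscore rule described above, as an added example that is not trytond's patch or code: a guard that refuses such expressions before they are evaluated. The names check_expression, guarded_eval and is_accepted, the empty builtins table and the pass over the parsed tree are assumptions of this example, and the inputs it is exercised with are constructed.

```python
import ast


class UnsafeExpression(ValueError):
    """Raised when an expression is refused before evaluation."""


def check_expression(source):
    """Parse source as one expression, refusing any double underscore."""
    # Rule from the advisory: no double underscores in the evaluated source.
    if "__" in source:
        raise UnsafeExpression("double underscore in source")
    tree = ast.parse(source, mode="eval")
    for node in ast.walk(tree):
        # Assumption beyond the advisory: escape sequences can hide
        # underscores from the text scan, so the parsed names, attributes
        # and string constants are checked as well.
        if isinstance(node, ast.Name):
            value = node.id
        elif isinstance(node, ast.Attribute):
            value = node.attr
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            value = node.value
        else:
            continue
        if "__" in value:
            raise UnsafeExpression("double underscore after parsing")
    return tree


def guarded_eval(source, names=None):
    """Evaluate source with no builtins and only the caller's names."""
    names = dict(names or {})
    if any("__" in key for key in names):
        raise UnsafeExpression("double underscore in supplied name")
    env = {"__builtins__": {}}
    env.update(names)
    return eval(compile(check_expression(source), "<expr>", "eval"), env)


def is_accepted(source, names=None):
    """Return True if guarded_eval evaluates source, False if it is refused."""
    try:
        guarded_eval(source, names)
    except UnsafeExpression:
        return False
    return True
```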