Bug#1070484: bookworm-pu: package tryton-client/tryton-client_6.0.26-1+deb12u1
* Mathias Behrle: " Bug#1070484: bookworm-pu: package
tryton-client/tryton-client_6.0.26-1+deb12u1" (Mon, 6 May 2024 11:19:28
+0200):
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> X-Debbugs-Cc: tryton-client@packages.debian.org
> Control: affects -1 + src:tryton-client
> User: release.debian.org@packages.debian.org
> Usertags: pu
>
> [ Reason ]
> Backport the patch to send only compressed content from
> authenticated sessions.
> https://foss.heptapod.net/tryton/tryton/-/commit/96ccd17bd4db4be46bb42eb4217ba5c7dcb7de82
>
> The security release
> https://discuss.tryton.org/t/security-release-for-issue-13142/7196
> and filed for Debian as 1070478@bugs.debian.org
> introduced a regression for the client shown at
> https://foss.heptapod.net/tryton/tryton/-/issues/13203
>
> [ Impact ]
> Without the patch a user could be confronted with an error in the client
> connecting to a patched server.
>
> [ Tests ]
> The test suite completes without errors. The patch is now publicly
> available and in use since 2 weeks.
>
> [ Risks ]
> The patch has minimal complexity and is from the upstream author
> who is generally very knowledgable about his code.
>
> [ Checklist ]
> [x] *all* changes are documented in the d/changelog
> [x] I reviewed all changes and I approve them
> [x] attach debdiff against the package in (old)stable
> [x] the issue is verified as fixed in unstable
>
> [ Changes ]
> The upstream commit was added as a patch that allows gzip
> compressed content only for authenticated users.
>
> [ Other info ]
> This patch follows 1070478@bugs.debian.org.
Friendly ping like for 1070478@bugs.debian.org:
"
I see that requests for bookworm-pu of other packages were accepted in the
meantime. If there is something missing or wrong with this request please let
me know.
"
Thanks,
Mathias
--
Mathias Behrle
PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6
AC29 7E5C 46B9 D0B6 1C71 7681 D6D0 9BE4 8405 BBF6
Reply to: