[SECURITY] [DSA 6061-1] tryton-sao security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6061-1] tryton-sao security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 25 Nov 2025 20:05:49 +0000
Message-id: <[🔎] aSYMHUlU4tKXf9jb@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6061-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 25, 2025                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tryton-sao
CVE ID         : not yet available

Abdulfatah Abdillahi discovered a cross-site scripting vulnerability in
the web client of the Tryton application platform.

For the oldstable distribution (bookworm), this problem has been fixed
in version 6.0.28+ds1-2+deb12u2.

For the stable distribution (trixie), this problem has been fixed in
version 7.0.28+ds1-1+deb13u2.

We recommend that you upgrade your tryton-sao packages.

For the detailed security status of tryton-sao please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tryton-sao

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmkmCx4ACgkQEMKTtsN8
Tjbjnw/+KcnzznsJLxQ5Wi933SNrLDzJRfiKg0+GD1fI0GiQsM+fd5pE24/kPSE9
I2whhNU8a45QhvR4mjnsEAQWuKGMmwwALI190OkGmAWXjefb1owvLTo1IurPcrop
cZrpvMy9ls5+J5RiWjVBDI4nukdaYp/KI+Gbcfk00gF7WqXGvBJdRHQKU+DXInf/
vj39roBn2AqWpp9iCGvl4QjzFPbhrWQrSEI7F14nqthXe0AyTa5NXswQ4XBt46rV
hRlUC6kKeZfD9QeKh7N4IKhc9xGd9QN5/4IGCbgiKcNc6B43bXvvydqwalTN5VWr
lN7kYErw8bJSDMsSJmZvsyltvYTroftWFt+ertWuQJ7gSQJThtKkXKD9Ca94tOMo
14mZ0a7ClHqVVVA9TY8omde4cZepfAv+6pjabEaqqiKIKOCRNAW0gRYEbiAqmFVj
9V4RNEWIabh31JUgHHna/mUTVjiJx2/oRg36ermCbUcJww5xqVWSrxIOQD5iXLJv
GQjLWrIDQ1vsJqDmWX1eIhMIHouPC3OqI9Ca4q1dGF4CpX5dIT3WIGmo5hQf89I5
zRD5+5nvDt7D3yRUcxuT/40XQa+WHDCXCL+nkN7z9mh4gmwMnM0o/ispP3ykrhK4
j84uav92fUfbtxeAiaBe8EEvFUtiU7mfJZq8ajtsEN7qtycusts=
=l1Na
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6060-1] chromium security update
Next by Date: [SECURITY] [DSA 6062-1] pdfminer security update
Previous by thread: [SECURITY] [DSA 6060-1] chromium security update
Next by thread: [SECURITY] [DSA 6062-1] pdfminer security update
Index(es):
- Date
- Thread