tryton-server

  • ————————————————————————- Debian LTS Advisory DLA-3853-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Markus Koschany June 30, 2024 https://wiki.debian.org/LTS ————————————————————————- Package : tryton-server Version : 5.0.4-2+deb10u3 CVE ID : not yet available Cédric Krier has found that trytond, the Tryton application server, accepts compressed content from unauthenticated requests which makes it vulnerable to zip bomb attacks. For Debian 10 buster, this…

    Read More

  • ————————————————————————- Debian LTS Advisory DLA-3547-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón August 29, 2023 https://wiki.debian.org/LTS ————————————————————————- Package : tryton-server Version : 5.0.4-2+deb10u2 “Edbo” and Cedric Krier discovered that the Tryton application server does enforce record rules when only reading fields without an SQL type (like Function fields). For Debian 10 buster, this problem has been fixed…

    Read More