Bug#1121241: marked as done (tryton-server: IDOR / Access Control Issue - Unauthorized Access to User Signatures)

Mon, 24 Nov 2025 03:37:22 -0800 

Your message dated Mon, 24 Nov 2025 11:34:53 +0000
with message-id <[email protected]>
and subject line Bug#1121241: fixed in tryton-server 7.0.40-1
has caused the Debian Bug report #1121241,
regarding tryton-server: IDOR / Access Control Issue - Unauthorized Access to 
User Signatures
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1121241: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121241
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: tryton-server
Version: 7.0.38-1
Severity: important
Tags: security upstream
Forwarded: https://foss.heptapod.net/tryton/tryton/-/issues/14364
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Tracking the following issue, 
https://discuss.tryton.org/t/security-release-for-issue-14364/8952
| Mahdi Afshar has found that trytond does not enforce access rights
| for the route of the HTML editor (since version 6.0).

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: tryton-server
Source-Version: 7.0.40-1
Done: Mathias Behrle <[email protected]>

We believe that the bug you reported is fixed in the latest version of
tryton-server, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mathias Behrle <[email protected]> (supplier of updated tryton-server package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 24 Nov 2025 11:46:01 +0100
Source: tryton-server
Architecture: source
Version: 7.0.40-1
Distribution: unstable
Urgency: high
Maintainer: Debian Tryton Maintainers <[email protected]>
Changed-By: Mathias Behrle <[email protected]>
Closes: 1118953 1119158 1120335 1121241 1121242 1121243
Changes:
 tryton-server (7.0.40-1) unstable; urgency=high
 .
   * Update the Portuguese translation (Closes: #1118953).
   * Update the German translation (Closes: #1119158).
   * Update the Dutch translation (Closes: #1120335).
   * Merging upstream version 7.0.40.
     Includes fixes for security issues
     https://bugs.debian.org/1121241 (Closes: #1121241)
     -> https://foss.heptapod.net/tryton/tryton/-/issues/14364
     https://bugs.debian.org/1121242 (Closes: #1121242)
     -> https://foss.heptapod.net/tryton/tryton/-/issues/14354
     https://bugs.debian.org/1121243 (Closes: #1121243)
     -> https://foss.heptapod.net/tryton/tryton/-/issues/14366
Checksums-Sha1:
 8f4274e27b963d2e1cb35c97da682b86d03bf88c 2646 tryton-server_7.0.40-1.dsc
 50281dec855a4fdb793ed9ce3cf558c2f8efffa9 979664 
tryton-server_7.0.40.orig.tar.gz
 a1aa5cfbf6403357478a9702f8b201b664748d83 54960 
tryton-server_7.0.40-1.debian.tar.xz
 fd84d57586d23166c675d618342546c3f0cbbfb5 10547 
tryton-server_7.0.40-1_amd64.buildinfo
Checksums-Sha256:
 a2f617caf198c1b017f20ed6230874412cf5f5ec3920be2fff0b66a966ae8b64 2646 
tryton-server_7.0.40-1.dsc
 a4046c102d798db38fe9f700f18f57d2e3ea57bdf3577b54ef7773d294621aa5 979664 
tryton-server_7.0.40.orig.tar.gz
 917119802a86a1c91d57cba1be9a996044a46ee99303be7433da27966992a915 54960 
tryton-server_7.0.40-1.debian.tar.xz
 7aa68038a6262e71770d29da7c84cdadcbca0b9fb5a239f876e35ef895bbdf45 10547 
tryton-server_7.0.40-1_amd64.buildinfo
Files:
 fcb1f59ae7455978ddaabfaab5c47f2d 2646 python optional 
tryton-server_7.0.40-1.dsc
 4adb0785624fbedea976aeac03a16917 979664 python optional 
tryton-server_7.0.40.orig.tar.gz
 d5ed130646a4b8f92cb25a8ba982a6ca 54960 python optional 
tryton-server_7.0.40-1.debian.tar.xz
 4798127978b7781f7d9bd96fa62e2068 10547 python optional 
tryton-server_7.0.40-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
Comment: Signed by Mathias Behrle

iQIzBAEBCgAdFiEErCl+XEa50LYccXaB1tCb5IQFu/YFAmkkPm8ACgkQ1tCb5IQF
u/aAgg//frP2An7EEmzeffeJeRA3hbIG3aqT01K9BXhcFw1f4huuKcJozHLlbGbD
nhjOwONQdtkwyIeMJbMRIBBuNUiA3GCckhnbLuWtxrvWDZyGvhz9sykwF1LEpAWX
HA7+VCy93wa+YBfIeydKOhoxaEnlpBb/XpJ8MwVUOK+SXxF+OZxTtqE7ME9CxI4A
XwHpzkAXZhJ1X0o7ISMqSqABwZZ7jus1IhNQYWN58sU3NH06ySXIweNGAM7gv98P
K3xgB8jkh1DYXXo4CCNjX5ehkkGAD+NeYjzLgq6UKVyeNpd+zCclNCi4wDG3/IWd
ZFudJIG0f7OH3AanXQIk6nrLfAVrOirijXlAlN9TB2XK97TetuxpHw6JlXs47kQq
x2QB9ImLrdGIJTl7Zsjwz9caWFN84OJmHF2uzu2/rsRkbTor92BSLZe/RfxFBbeB
6Epqs237gXJYy9W686nG8EEDCAtlTHKFWRZqqOzep8mlz+jRLZAmb+U9Rm1rkcxc
CbFZeD0TfqcdZWrci9a/NaiMWiPzb0ELqqKybldFycM2pf/wxUeVGHdT4OTelV7A
5Mn35OPkBNTjEPGrYKM96uNnpu59dtWGnaLijS39EQ3IlGpmQE+AoHfxL+ULr4TS
etZupYizd1K8zMkZkoDaMQnaV7IEdnGuAhDYIIrLrpxEw7O4Ru8=
=dA/9
-----END PGP SIGNATURE-----

Attachment: pgpHsEh2qvqwL.pgp
Description: PGP signature


--- End Message ---

Reply via email to