unsubscribe On Thu, Dec 17, 2015 at 5:20 AM, Luciano Bello <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-3425-1 [email protected] > https://www.debian.org/security/ Luciano Bello > December 17, 2015 https://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : tryton-server > CVE ID : CVE-2015-0861 > > Cédric Krier discovered a vulnerability in the server-side of Tryton, an > application framework written in Python. An aunthenticated malicious > user can write arbitrary values in record fields due missed checks of > access permissions when multiple records are written. > > The oldstable distribution (wheezy) is not affected. > > For the stable distribution (jessie), this problem has been fixed in > version 3.4.0-3+deb8u1. > > For the unstable distribution (sid), this problem has been fixed in > version 3.8.1-1. > > We recommend that you upgrade your tryton-server packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://www.debian.org/security/ > > Mailing list: [email protected] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQIcBAEBCAAGBQJWcopTAAoJEG7C3vaP/jd0MJAP/A4csuNTEfm2+N8kbSFi4gDW > IVY+KuQgYZjT9bcmFDQfRmkYgXIi5P5RBQ7GJq8peH5XydQ1N0Yr50T5WjftLVMb > TUY7the4qCLa/JseIOzCE/MfTwMPu++LfuVfuiFiLoa2WC9FTmZwqbkqGdnT4MP7 > 5+QkI1CzfqZHYCzr2ikK0FNXhQIEgBZxbDCVyLLD55H/OqqtnytfPF3rmVeEjjCY > uWbRiIewYSNBn/fXmZimuTYK6Hv+DwwV7nUPXyYNQH3UwQ9475CJ/fPeBt7sIi1W > XX4a7yOuYxgSk/kxmNXp/Xz98H3BCD3Y3x1+LByud+bhVNGN0T0C5P1CrXGZfIVw > 8L23xZGz0506Qurm6ov94ieYvurN0Sb6rSXQTgj1O5d5ImiVYL2o1j57bImUEWJE > nZEYx3boEXLOniQJ4rvj/FwPwPmdf4VZ3ci8+WqhxGXc0TKgT45DWrEcz/KmIaQd > zVFX9/3JTjZr3w6CPXwhx6BzTanefWXGOiUlHkM50QRfI/8+i+mo9Z60dtoKF20U > QHkFlSbrx9mSGUrvFsMlnm6xRgUA2n8uTtxK6uZG4FPqhWf5Za48G08w27GigQmu > AUxLQb4/ywAdI3BvGMO0wOHc9dnxImhbI2xNRlWEGaD1qypO9+iyin7QAno6QkCa > p1fiDt0H2RqerK24GlFp > =m3b7 > -----END PGP SIGNATURE----- > >
