|
|
Subscribe / Log in / New account

Debian alert DLA-882-1 (tryton-server)



From:
    	      Chris Lamb <lamby@debian.org> 


To:
    	      debian-lts-announce@lists.debian.org 


Subject:
    	      [SECURITY] [DLA 882-1] tryton-server security update 


Date:
    	      Tue, 04 Apr 2017 09:24:23 +0100


Message-ID:
    	      <1491294263.4174499.933455376.297DCDCB@webmail.messagingengine.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : tryton-server
Version        : 2.2.4-1+deb7u4
CVE ID         : CVE-2017-0360

It was discovered that there was a path suffix injection attack in
tryton-server, a general purpose application platform.

For Debian 7 "Wheezy", this issue has been fixed in tryton-server version
2.2.4-1+deb7u4.

We recommend that you upgrade your tryton-server packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAljjWBsACgkQHpU+J9Qx
HljHVA//ce8k1XU25AYAC70J5rmdK0psVSDUABO5P3nuLI02so2SuorQqvk/bDId
Lfr79IUaQVpPYdyccEwHiyNGbnJHLRZeJxS+F2JIExsfjvIMNqDrNwVjhwQpVlUL
LEFRaNnnz3q+UZCpYWy/D1bF+YRijrWmxvuLbbXhR8X8J7Rd7kY01H3f7ejHZSrT
OH2jMWuOHFjz9273+FMzbmztpHjOoAosooQk4Ndd3nMuqgtZWm1dg37djOUEY6/f
prZt20TwBIUUWwAKdJhIatmr2HabOBho6cj9MMO+RcDtIanlOBxauTt336Tua6on
BU7cP7JUPedFpnsuw00p0QCszbybfhNLzde059xuBB8gWAOK/sK6v2cap/bccQke
58+k625N3uVE5KP8xmEteKLyqi8SQ7anAMmRsx8LJfh6v7ErigPFWtne/K4R8GEK
AoRm70L/B2OfDPFvSpywgQSW42VSeass7ZExroELQHke3AlBzsZbx13GI0SSzHah
a2iynPTET5VmRQE2I712c2Z6QgXZ1Z77fUPRMqVPwFvQ8ylve5Izg5aEadg3EJ84
OmJSVeGArJaqvIa1NkUblG7fjWIE2YCBAxkVwcswa6hEjjsAJtnwpqh3youiDG+l
S1GfYDz6u0Idf3pYC0+xlzdKUQ7+WwIYPGkOvDiThC5r6/asGm4=
=K947
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds