[Git][security-tracker-team/security-tracker][master] tryton-server DSA
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Nov 27 19:29:21 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d7019c70 by Moritz Mühlenhoff at 2025-11-27T20:28:52+01:00
tryton-server DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -921,14 +921,20 @@ CVE-2024-21922 (A DLL hijacking vulnerability in AMD StoreMI\u2122 could allow a
NOT-FOR-US: AMD
CVE-2025-XXXX [Export data does not enforce access rights]
- tryton-server 7.0.40-1 (bug #1121243)
+ [trixie] - tryton-server 7.0.30-1+deb13u1
+ [bookworm] - tryton-server 6.0.29-2+deb12u4
NOTE: https://discuss.tryton.org/t/security-release-for-issue-14366/8953
NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/14366
CVE-2025-XXXX [IDOR / Access Control Issue - Unauthorized Access to User Signatures]
- tryton-server 7.0.40-1 (bug #1121241)
+ [trixie] - tryton-server 7.0.30-1+deb13u1
+ [bookworm] - tryton-server 6.0.29-2+deb12u4
NOTE: https://discuss.tryton.org/t/security-release-for-issue-14364/8952
NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/14364
CVE-2025-XXXX [Information disclosure: unhandled KeyError returns full Python stack trace for unknown fields in JSON-RPC (model.party.party.create)]
- tryton-server 7.0.40-1 (bug #1121242)
+ [trixie] - tryton-server 7.0.30-1+deb13u1
+ [bookworm] - tryton-server 6.0.29-2+deb12u4
NOTE: https://discuss.tryton.org/t/security-release-for-issue-14354/8950
NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/14354
CVE-2025-XXXX [Stored XSS Vulnerability Found in Party Field Leading to Arbitrary JavaScript Execution]
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Nov 2025] DSA-6064-1 tryton-server - security update
+ [bookworm] - tryton-server 6.0.29-2+deb12u4
+ [trixie] - tryton-server 7.0.30-1+deb13u1
[26 Nov 2025] DSA-6063-1 kdeconnect - security update
{CVE-2025-66270}
[trixie] - kdeconnect 25.04.2-1+deb13u1
=====================================
data/dsa-needed.txt
=====================================
@@ -78,8 +78,6 @@ tomcat10/oldstable (apo)
--
tomcat11/stable (apo)
--
-tryton-server (jmm)
---
unbound
Guilhem Moulin proposing an update to cover CVE-2025-11411
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7019c7007bf7d3a966a2edd1efe5af92a33b151
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7019c7007bf7d3a966a2edd1efe5af92a33b151
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251127/129c333d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list