[Git][security-tracker-team/security-tracker][master] CVE-2025-6642{2,3,4}/tryton-server assigned
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Nov 30 06:47:21 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
41b5ee34 by Salvatore Bonaccorso at 2025-11-30T07:46:30+01:00
CVE-2025-6642{2,3,4}/tryton-server assigned
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1188,25 +1188,17 @@ CVE-2024-21923 (Incorrect default permissions in AMD StoreMI\u2122 could allow a
NOT-FOR-US: AMD
CVE-2024-21922 (A DLL hijacking vulnerability in AMD StoreMI\u2122 could allow an atta ...)
NOT-FOR-US: AMD
-CVE-2025-XXXX [Export data does not enforce access rights]
+CVE-2025-66424 [Export data does not enforce access rights]
- tryton-server 7.0.40-1 (bug #1121243)
- [trixie] - tryton-server 7.0.30-1+deb13u1
- [bookworm] - tryton-server 6.0.29-2+deb12u4
- [bullseye] - tryton-server 5.0.33-2+deb11u4
NOTE: https://discuss.tryton.org/t/security-release-for-issue-14366/8953
NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/14366
-CVE-2025-XXXX [IDOR / Access Control Issue - Unauthorized Access to User Signatures]
+CVE-2025-66423 [IDOR / Access Control Issue - Unauthorized Access to User Signatures]
- tryton-server 7.0.40-1 (bug #1121241)
- [trixie] - tryton-server 7.0.30-1+deb13u1
- [bookworm] - tryton-server 6.0.29-2+deb12u4
[bullseye] - tryton-server <not-affected> (Vulnerable code introduced in 5.2.0)
NOTE: https://discuss.tryton.org/t/security-release-for-issue-14364/8952
NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/14364
-CVE-2025-XXXX [Information disclosure: unhandled KeyError returns full Python stack trace for unknown fields in JSON-RPC (model.party.party.create)]
+CVE-2025-66422 [Information disclosure: unhandled KeyError returns full Python stack trace for unknown fields in JSON-RPC (model.party.party.create)]
- tryton-server 7.0.40-1 (bug #1121242)
- [trixie] - tryton-server 7.0.30-1+deb13u1
- [bookworm] - tryton-server 6.0.29-2+deb12u4
- [bullseye] - tryton-server 5.0.33-2+deb11u4
NOTE: https://discuss.tryton.org/t/security-release-for-issue-14354/8950
NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/14354
CVE-2025-66421 [Stored XSS Vulnerability Found in Party Field Leading to Arbitrary JavaScript Execution]
=====================================
data/DLA/list
=====================================
@@ -1,4 +1,5 @@
[29 Nov 2025] DLA-4388-1 tryton-server - security update
+ {CVE-2025-66422 CVE-2025-66424}
[bullseye] - tryton-server 5.0.33-2+deb11u4
[29 Nov 2025] DLA-4387-1 qtbase-opensource-src - security update
{CVE-2024-39936}
=====================================
data/DSA/list
=====================================
@@ -3,6 +3,7 @@
[bookworm] - krita 1:5.1.5+dfsg-2+deb12u1
[trixie] - krita 1:5.2.9+dfsg-1+deb13u1
[27 Nov 2025] DSA-6064-1 tryton-server - security update
+ {CVE-2025-66422 CVE-2025-66423 CVE-2025-66424}
[bookworm] - tryton-server 6.0.29-2+deb12u4
[trixie] - tryton-server 7.0.30-1+deb13u1
[26 Nov 2025] DSA-6063-1 kdeconnect - security update
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41b5ee349f4ecba2396aad68e4f8191811fcb479
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41b5ee349f4ecba2396aad68e4f8191811fcb479
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251130/018efb31/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list