TEMP-0000000-9B1564

NameTEMP-0000000-9B1564
Descriptiontryton zipbomb DoS
SourceAutomatically generated temporary name. Not for external reference.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
tryton-server (PTS)bullseye5.0.33-2+deb11u2vulnerable
bullseye (security)5.0.33-2+deb11u3fixed
bookworm, bookworm (security)6.0.29-2+deb12u3fixed
sid, trixie7.0.24-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tryton-serversourcebuster5.0.4-2+deb10u3
tryton-serversourcebullseye5.0.33-2+deb11u3
tryton-serversourcebookworm6.0.29-2+deb12u2
tryton-serversource(unstable)6.0.45-1

Notes

https://discuss.tryton.org/t/security-release-for-issue-13142/7196
https://foss.heptapod.net/tryton/tryton/-/issues/13142
Regression in tryton-client fixed by: https://foss.heptapod.net/tryton/tryton/-/commit/96ccd17bd4db4be46bb42eb4217ba5c7dcb7de82 (6.0)
Search for package or bug name: Reporting problems