TEMP-1121242-A5CFE9

NameTEMP-1121242-A5CFE9
DescriptionInformation disclosure: unhandled KeyError returns full Python stack trace for unknown fields in JSON-RPC (model.party.party.create)
SourceAutomatically generated temporary name. Not for external reference.
Debian Bugs1121242

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
tryton-server (PTS)bullseye5.0.33-2+deb11u2vulnerable
bullseye (security)5.0.33-2+deb11u3vulnerable
bookworm, bookworm (security)6.0.29-2+deb12u3vulnerable
trixie7.0.30-1vulnerable
forky, sid7.0.38-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tryton-serversource(unstable)7.0.40-11121242

Notes

https://discuss.tryton.org/t/security-release-for-issue-14354/8950
https://foss.heptapod.net/tryton/tryton/-/issues/14354
Search for package or bug name: Reporting problems