| Release | Version |
|---|---|
| bullseye | 5.0.33-2+deb11u2 |
| bullseye (security) | 5.0.33-2+deb11u3 |
| bookworm | 6.0.29-2+deb12u3 |
| bookworm (security) | 6.0.29-2+deb12u4 |
| trixie | 7.0.30-1 |
| trixie (security) | 7.0.30-1+deb13u1 |
| forky | 7.0.40-1 |
| sid | 7.0.40-1 |

| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| TEMP-1121243-AFFB41 | vulnerable | fixed | fixed | fixed | fixed | Export data does not enforce access rights |
| TEMP-1121242-A5CFE9 | vulnerable | fixed | fixed | fixed | fixed | Information disclosure: unhandled KeyError returns full Python stack trace for unknown fields in JSON-RPC (model.party.party.create) |
| TEMP-1121241-3943A3 | vulnerable | fixed | fixed | fixed | fixed | IDOR / Access Control Issue - Unauthorized Access to User Signatures |

| Bug | Description |
|---|---|
| TEMP-0000000-FDAB26 | Transaction cache overrides the current user |
| TEMP-0000000-0477AA | get_groups does not always return the group of the action |
| TEMP-0000000-9BB4B1 | tryton-server lack of record validation |
| TEMP-0000000-9B1564 | tryton zipbomb DoS |
| TEMP-0000000-4F0A4A | Access to records of report is not checked |
| CVE-2022-26662 | An XML Entity Expansion (XEE) issue was discovered in Tryton Applicati ... |
| CVE-2022-26661 | An XXE issue was discovered in Tryton Application Platform (Server) 5. ... |
| CVE-2019-10868 | In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 befo ... |
| CVE-2017-0360 | file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authentica ... |
| CVE-2016-1242 | file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3 ... |
| CVE-2016-1241 | Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3. ... |
| CVE-2015-0861 | model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4 ... |
| CVE-2014-6633 | The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x befor ... |
| CVE-2012-2238 | trytond 2.4: ModelView.button fails to validate authorization |
| CVE-2012-0215 | model/modelstorage.py in the Tryton application framework (trytond) be ... |

| DSA / DLA | Description |
|---|---|
| DSA-6064-1 | tryton-server - security update |
| DLA-4022-1 | tryton-server - security update |
| DSA-5776-1 | tryton-server - security update |
| DLA-3853-1 | tryton-server - security update |
| DLA-3547-1 | tryton-server - security update |
| DSA-5482-1 | tryton-server - security update |
| DLA-2945-1 | tryton-server - security update |
| DSA-5098-1 | tryton-server - security update |
| DSA-4426-1 | tryton-server - security update |
| DSA-3826-1 | tryton-server - security update |
| DLA-882-1 | tryton-server - security update |
| DLA-607-1 | tryton-server - security update |
| DSA-3656-1 | tryton-server - security update |
| DSA-3425-1 | tryton-server - security update |
| DLA-70-1 | tryton-server - security update |
| DSA-3043-1 | tryton-server - security update |
| DSA-2444-1 | tryton-server - privilege escalation |