-------------------------------------------------------------------------
Debian LTS Advisory DLA-3853-1                [email protected]
https://www.debian.org/lts/security/                      Markus Koschany
June 30, 2024                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : tryton-server
Version        : 5.0.4-2+deb10u3
CVE ID         : not yet available

Cédric Krier has found that trytond, the Tryton application server,
accepts compressed content from unauthenticated requests which makes it
vulnerable to zip bomb attacks.

For Debian 10 buster, this problem has been fixed in version
5.0.4-2+deb10u3.

We recommend that you upgrade your tryton-server packages.

For the detailed security status of tryton-server please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tryton-server

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
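The failure mode named in the advisory, shown from the server side as an added example: this is not code from Tryton or from the Debian patch. It inflates a gzip request body in fixed-size steps and stops once a size cap is passed; `MAX_BODY`, `bounded_gunzip`, `decode_body` and the "gzip only for authenticated callers" policy are assumptions made for the illustration.

```python
import gzip
import zlib

MAX_BODY = 1024 * 1024   # assumed cap on decompressed size (1 MiB)
CHUNK = 64 * 1024        # output produced per decompress() call


class BodyRejected(Exception):
    """The request body was refused before being fully inflated."""


def bounded_gunzip(data, limit=MAX_BODY):
    """Inflate a gzip body, aborting once output exceeds `limit` bytes."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)  # 16 + MAX_WBITS = gzip framing
    out = bytearray()
    buf = data
    while not d.eof:
        chunk = d.decompress(buf, CHUNK)  # never yields more than CHUNK bytes
        if not chunk and not d.unconsumed_tail and not d.eof:
            raise BodyRejected("truncated gzip stream")
        out += chunk
        if len(out) > limit:
            raise BodyRejected("decompressed body exceeds %d bytes" % limit)
        buf = d.unconsumed_tail  # input held back because of the CHUNK cap
    return bytes(out)


def decode_body(raw, content_encoding, authenticated):
    """Hypothetical policy: only authenticated callers may send gzip."""
    if content_encoding != "gzip":
        return raw
    if not authenticated:
        raise BodyRejected("compressed content requires authentication")
    try:
        return bounded_gunzip(raw)
    except zlib.error as exc:
        raise BodyRejected("invalid gzip data: %s" % exc)


if __name__ == "__main__":
    # Constructed sample: 20 MiB of zero bytes, about 20 KiB once gzipped.
    sample = gzip.compress(b"\0" * (20 * 1024 * 1024))
    try:
        decode_body(sample, "gzip", authenticated=True)
    except BodyRejected as exc:
        print(len(sample), "compressed bytes refused:", exc)
```

A one-shot `gzip.decompress(raw)` on the same sample would allocate the full 20 MiB before any size check could run, which is the behaviour the cap avoids.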