1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted tryton-server 6.0.29-2+deb12u3 (source) into proposed-updates

    From Debian FTP Masters@21:1/5 to All on Sat Sep 28 18:50:01 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Fri, 20 Sep 2024 09:20:49 +0200
    Source: tryton-server
    Architecture: source
    Version: 6.0.29-2+deb12u3
    Distribution: bookworm-security
    Urgency: high
    Maintainer: Debian Tryton Maintainers <team+tryton-team@tracker.debian.org> Changed-By: Mathias Behrle <mathiasb@m9s.biz>
    Changes:
    tryton-server (6.0.29-2+deb12u3) bookworm-security; urgency=high
    .
    * Add patches for security release
    https://discuss.tryton.org/t/security-release-for-
    issues-13505-and-13506.
    - Add 04_check_read_access_of_reports_records_13505.patch:
    Check read access of report records.
    Since 982a131026e7 the access rights are no more checked on instances.
    So anyone who has access to the report action, can execute the report
    for any records.
    .
    - Add 05_retrieve_groups_actions_wo_check_access_13506.patch:
    Check read access of report records.
    get_groups does not always returns the group of the action.
    When the method is called with access checked as there is a record rule
    on ir.action, the method returns an empty set of group ids. This is
    because no actions were found if the user does not share a group.
    This makes that check access of Report and Wizard never raise an error. Checksums-Sha1:
    b8690450be8da8f93c466b3241b44c2c80e3b619 2985 tryton-server_6.0.29-2+deb12u3.dsc
    a3ae69a4a53f0633370e7df9b872d6e66bf1b765 59036 tryton-server_6.0.29-2+deb12u3.debian.tar.xz
    e6a5ec676bf1f5b6ff7c0a94211169695612f2d6 11016 tryton-server_6.0.29-2+deb12u3_amd64.buildinfo
    Checksums-Sha256:
    63bb267f296f6f62fca527b0a06e58050feb4c5c0f58c8aeb20fc6cd17430a0e 2985 tryton-server_6.0.29-2+deb12u3.dsc
    00c4b52b5f19e5e20f521d7387d1afbfcc95c7952280b777b1ad4ed2d2bfa6c5 59036 tryton-server_6.0.29-2+deb12u3.debian.tar.xz
    dbb1005ec00f27293877d9389949d84a5c57c807bbe84da4a97c54a386d425ed 11016 tryton-server_6.0.29-2+deb12u3_amd64.buildinfo
    Files:
    ce1aa6b7246b9dd46dc8c4dd0c305db8 2985 python optional tryton-server_6.0.29-2+deb12u3.dsc
    a5717c67b0c311e2ce89f6d8b6102490 59036 python optional tryton-server_6.0.29-2+deb12u3.debian.tar.xz
    cd810364a499d631e009757804f4e07c 11016 python optional tryton-server_6.0.29-2+deb12u3_amd64.buildinfo

    -----BEGIN PGP SIGNATURE-----
    Comment: Signed by Mathias Behrle

    iQJFBAEBCgAvFiEErCl+XEa50LYccXaB1tCb5IQFu/YFAmbtLAQRHG1hdGhpYXNi QG05cy5iaXoACgkQ1tCb5IQFu/b9DxAAoRxrxZd2ilVda4PJbvRXZdxJNh1dpXAX eId14cgexJd8X4TrGJCl1cfjI60dDMGVP94ujSkqPint9W5PgR822zvpBC5Rp2b0 qPbVkyAxVEYG/nNFQzGRXg2x4EkTCt9pv7/49jXF8oMPR/dtrDCbI4pJBeelwkht DUp0tgEqNLpZqLRo1UoYbQZjU5elqLXEg0NpuYDZNVCjpA5vsAfIC2jTh0zkhARY LbxzKTG8VwKaBHeysLFZbG1jISvCQzjisdir/5/UfjamkFM7YpVeTiJXgwKNhN+F usSvP2oidhy+ACutQ7BtZOZjrDbzZQ3hFjUDWqW+rJN1aRmiKk+JtDoR+/ZOrRf8 tEOXnjPna6ZI+zpbiw0omAWL2I575MMBAsfEdUjIYq2jqQHCIWvzvixQNoPxiJnm ywz1aJZ4GLT3Jx2QOWgN6bF2vIS/7dhsB9y2Ki4IQoSQBh1ez38NgpOhRbyD/LlW pL0J2Q6AXGHXgyuTYuVgqSjE4hzgB3tObkB+oPxZ8zOfdCs1uOWFRjYioTP/DP3E XCepQVHU5IQhuS03hRSsX/+Xbl1vBfWuWjkkbWHJRXRISD3fTq1nQX6ide/Tr49w gY6kbZvEuOsasGcaFK3LlkthjSruEc8Rw9Uga6wc3Th0gY8VIelSAIHzzWDWBTfU
    ryeTG9Av7u0=
    =p533
    -----END PGP SIGNATURE-----


    --==============p74307961539001057=Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCZvgzEQAKCRCb9qggYcy5 IUkHAQDZyfjv9o0EgRE5/tUl0MD/PIqT/6w6wKAORaNaxvAjDQEA0BzdwE4pwDMc IrM9oII5tyCnP4mOemFf73tGV+GrfgI=oNL+
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)