Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
41b5ee34 by Salvatore Bonaccorso at 2025-11-30T07:46:30+01:00
CVE-2025-6642{2,3,4}/tryton-server assigned
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1188,25 +1188,17 @@ CVE-2024-21923 (Incorrect default permissions in AMD
StoreMI\u2122 could allow a
NOT-FOR-US: AMD
CVE-2024-21922 (A DLL hijacking vulnerability in AMD StoreMI\u2122 could allow
an atta ...)
NOT-FOR-US: AMD
-CVE-2025-XXXX [Export data does not enforce access rights]
+CVE-2025-66424 [Export data does not enforce access rights]
- tryton-server 7.0.40-1 (bug #1121243)
- [trixie] - tryton-server 7.0.30-1+deb13u1
- [bookworm] - tryton-server 6.0.29-2+deb12u4
- [bullseye] - tryton-server 5.0.33-2+deb11u4
NOTE: https://discuss.tryton.org/t/security-release-for-issue-14366/8953
NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/14366
-CVE-2025-XXXX [IDOR / Access Control Issue - Unauthorized Access to User
Signatures]
+CVE-2025-66423 [IDOR / Access Control Issue - Unauthorized Access to User
Signatures]
- tryton-server 7.0.40-1 (bug #1121241)
- [trixie] - tryton-server 7.0.30-1+deb13u1
- [bookworm] - tryton-server 6.0.29-2+deb12u4
[bullseye] - tryton-server <not-affected> (Vulnerable code introduced
in 5.2.0)
NOTE: https://discuss.tryton.org/t/security-release-for-issue-14364/8952
NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/14364
-CVE-2025-XXXX [Information disclosure: unhandled KeyError returns full Python
stack trace for unknown fields in JSON-RPC (model.party.party.create)]
+CVE-2025-66422 [Information disclosure: unhandled KeyError returns full Python
stack trace for unknown fields in JSON-RPC (model.party.party.create)]
- tryton-server 7.0.40-1 (bug #1121242)
- [trixie] - tryton-server 7.0.30-1+deb13u1
- [bookworm] - tryton-server 6.0.29-2+deb12u4
- [bullseye] - tryton-server 5.0.33-2+deb11u4
NOTE: https://discuss.tryton.org/t/security-release-for-issue-14354/8950
NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/14354
CVE-2025-66421 [Stored XSS Vulnerability Found in Party Field Leading to
Arbitrary JavaScript Execution]
=====================================
data/DLA/list
=====================================
@@ -1,4 +1,5 @@
[29 Nov 2025] DLA-4388-1 tryton-server - security update
+ {CVE-2025-66422 CVE-2025-66424}
[bullseye] - tryton-server 5.0.33-2+deb11u4
[29 Nov 2025] DLA-4387-1 qtbase-opensource-src - security update
{CVE-2024-39936}
=====================================
data/DSA/list
=====================================
@@ -3,6 +3,7 @@
[bookworm] - krita 1:5.1.5+dfsg-2+deb12u1
[trixie] - krita 1:5.2.9+dfsg-1+deb13u1
[27 Nov 2025] DSA-6064-1 tryton-server - security update
+ {CVE-2025-66422 CVE-2025-66423 CVE-2025-66424}
[bookworm] - tryton-server 6.0.29-2+deb12u4
[trixie] - tryton-server 7.0.30-1+deb13u1
[26 Nov 2025] DSA-6063-1 kdeconnect - security update
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41b5ee349f4ecba2396aad68e4f8191811fcb479
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/41b5ee349f4ecba2396aad68e4f8191811fcb479
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
