[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 70-1] tryton-server security update



Package        : tryton-server
Version        : 1.6.1-2+squeeze2
CVE ID         : CVE-2014-6633

duesenfranz discovered, that safe_eval in trytond could be used to execute
arbitrary commands, mainly via the webdav interface. The patches applied do not
allow double underscores in safe_eval and avoid double evaluation from inherit
with a different model.

Attachment: signature.asc
Description: PGP signature


Reply to: