[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 3656-1] tryton-server security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3656-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 30, 2016                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tryton-server
CVE ID         : CVE-2016-1241 CVE-2016-1242

Two vulnerabilities have been discovered in the server for the Tryton
application platform, which may result in information disclosure of
password hashes or file contents.

For the stable distribution (jessie), these problems have been fixed in
version 3.4.0-3+deb8u2.

For the unstable distribution (sid), these problems have been fixed in
version 4.0.4-1.

We recommend that you upgrade your tryton-server packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJXxfK1AAoJEBDCk7bDfE42y5cP/33eOPyaBiNdpE2FwVksHc0/
ATAzg2Q1VlqqPpHGhTcJ7r1sCv+bp6KeO9+cHgJRb2+MJih4ae3hIvYPVd6HE5iE
8JaWdR6LSlkz/OJu0HQuOuG1tM/3KGym24ZmkZOkhPEu29nsbNZ920w1iMZ34/Jw
ROYTv8I57cNEP6jB902kPod/BE67cZQy97EGi0CJoUDA8Thd6DrEXWbLO7TJGE+d
BdQlfpHG8oGusJkrGFnjiXZiGrSVwqyAY60Ybqs6kpv6HyZk1FAvAIQKvp2zcDAH
JqDI9+L/LlenAZINBgWa+zj2Zl8sd6ltKqe1P6GUGTbQWLB5Q3fIeVyqRNH89cWm
cdxsrpenwsuhJF4IcilRcAFpzdIQaoyN8AaGplyluD243tcTs7p6eVQownMacjGT
RpL5dUWFSW2G5jK/YKWpcO2gsZP2PAa6UFHM2xUPGjA5FwneqsoDQZGJttU4gDik
uXM6jNVEtEAKAFweFVmCc0qdp48phtLE8WoS0sxkkKpgs3gX7ncORH70/SzdOT9j
qwjYuNwl8CjjOQ4o6ELpkA/+yozDOXTsGv0+nWKhP5fpHYa2G2s7JWxXjQpI7H35
s8chSSekEBv38q8eeTTtccCjxSWV2R8Oww3XWzbVrIve8GXtlqrsp67YT2V6351I
7BehuaiMJoB4W/WRQOaX
=b8/Y
-----END PGP SIGNATURE-----


Reply to: