[SECURITY] [DSA 5099-1] tryton-proteus security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5099-1] tryton-proteus security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 10 Mar 2022 20:18:43 +0000
Message-id: <[🔎] 20220310201843.GB10251@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5099-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 10, 2022                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tryton-proteus
CVE ID         : CVE-2022-26661 CVE-2022-26662

Jeremy Mousset discovered two XML parsing vulnerabilities in the Tryton
application platform, which may result in information disclosure or
denial of service.

For the oldstable distribution (buster), these problems have been fixed
in version 5.0.1-3+deb10u1.

For the stable distribution (bullseye), these problems have been fixed in
version 5.0.8-1+deb11u1.

We recommend that you upgrade your tryton-proteus packages.

For the detailed security status of tryton-proteus please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tryton-proteus

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmIqWP4ACgkQEMKTtsN8
TjZWVhAAqtHZf3SUHzH5EYObhB3HsoL57nWto+++EtdnaWcxGGkTAEQDcezCiK3g
lJ9AeE+mN2KFJ0KmT/vMrm8ksc9tbYeboPZCVQS7daPUaA6iIEFF7/kQmBxjezU8
1iBUKyr51tMS9ZUev1LTxma5Wb9o3dPcKPXWGGXhoa4rdziRCKSRXT0FFMy9uing
+Y+ZyuYRu8sSqvLA7g+/VLqMGu6c1xu/xIyypltXXn2eHSlbocc3uUPFX7w5PZv8
pzRGsr4bJhXZIfuLRhfUII056eQYQatq2dHqSrjAFvQ769zuCxXGqAVMUrP5uJe3
H+sk/bcRtzIYxLVVRK010F4ggG7bl6nnyrel8NZQF5pkjwtZxZhw9iF+zXgJ93d1
SWOU6rrsRfmUMvrIZ8Hxq2dI4j8OGXCQZa38GSShY0NmNVk+U+YNH76GioEeV+Wn
sNUHH43scqTAx6bDqX+5EhUN3BlOvP/npc28j/92oqmsKGN/6e/2Ny3KXiq0uGmQ
FZ4SUWSGWmaRJC4H3X5IstAU2kXwIqvzK54lIhYD1wonPYdAxlWgfKRhGbPGbm2c
OinTNb9yJFM+IgH/UiUxWraYd4bgzhUvhRp3MH+CtTVSLvbusd5Yf62n2DIf6+tl
LZN/wL3h+Ro83F+8l+4LIvI+c2S3PDtvDaja2pWLTTvwckMP2ds=
=BVRd
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5098-1] tryton-server security update
Next by Date: [SECURITY] [DSA 5100-1] nbd security update
Previous by thread: [SECURITY] [DSA 5098-1] tryton-server security update
Next by thread: [SECURITY] [DSA 5100-1] nbd security update
Index(es):
- Date
- Thread