-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 25 Nov 2025 13:02:57 +0100
Source: tryton-server
Binary: tryton-server tryton-server-all-in-one tryton-server-doc tryton-server-nginx tryton-server-postgresql tryton-server-uwsgi
Architecture: all
Version: 6.0.29-2+deb12u4
Distribution: bookworm-security
Urgency: high
Maintainer: all Build Daemon (x86-csail-02) <buildd_all-x86-csail-02@buildd.debian.org>
Changed-By: Mathias Behrle <mathiasb@m9s.biz>
Description:
 tryton-server - Tryton application platform - server
 tryton-server-all-in-one - Tryton application platform - full installation
 tryton-server-doc - Tryton application platform - server documentation
 tryton-server-nginx - Tryton application platform - Nginx integration
 tryton-server-postgresql - Tryton application platform - PostgreSQL integration
 tryton-server-uwsgi - Tryton application platform - uWSGI integration
Changes:
 tryton-server (6.0.29-2+deb12u4) bookworm-security; urgency=high
 .
   * Add 06_traceback_in_RPC.patch,
     07_enforce_access_check_html_editor.patch,
     08_enforce_access_check_export_data.patch
 .
     Fixes for security issues:
 .
      Enforce access check in HTML editor route
      https://bugs.debian.org/1121241 (s.a. #1121241)
      -> https://foss.heptapod.net/tryton/tryton/-/issues/14364
 .
      Include the traceback only in RPC responses in development mode
      https://bugs.debian.org/1121242 (s.a. #1121242)
      -> https://foss.heptapod.net/tryton/tryton/-/issues/14354
 .
      Enforce access check in export_data
      https://bugs.debian.org/1121243 (s.a. #1121243)
      -> https://foss.heptapod.net/tryton/tryton/-/issues/14366
Checksums-Sha1:
 b9c16bd1948a6ce3579c1edb528af7376a226388 23144 tryton-server-all-in-one_6.0.29-2+deb12u4_all.deb
 855e35e468e291e3f047e356a5ba61959ca8fb7a 165744 tryton-server-doc_6.0.29-2+deb12u4_all.deb
 0eebfc2b2d0a5a31657b67e33eb22b9d50c85fe0 24988 tryton-server-nginx_6.0.29-2+deb12u4_all.deb
 02762df4c60f31a8672afe7e29896df0d9e8f605 23164 tryton-server-postgresql_6.0.29-2+deb12u4_all.deb
 1b8e31fa6e83d6cc151f19e5ac8220fcd160c39a 23864 tryton-server-uwsgi_6.0.29-2+deb12u4_all.deb
 c9cb9a4537c4602dccb5a3a3e2065059cba65282 10520 tryton-server_6.0.29-2+deb12u4_all-buildd.buildinfo
 1f9280230f3075053f575c546dfad1282dcabf45 513220 tryton-server_6.0.29-2+deb12u4_all.deb
Checksums-Sha256:
 20ceef66c6fd5832e8c7d1a072c996e80da3b584e99755260ae2d8fb75e7d7b9 23144 tryton-server-all-in-one_6.0.29-2+deb12u4_all.deb
 f7df00adf1fd75c805c7b5f776d9c7b9d861505b8ceeb98d9234da658d575d2f 165744 tryton-server-doc_6.0.29-2+deb12u4_all.deb
 771d0dd639d5e59a657ce2973316a69639a78d7258b43abb556b8347319ecc50 24988 tryton-server-nginx_6.0.29-2+deb12u4_all.deb
 9fcfe8606f7b7e294b2347f12ef80661d9340ea70ee94aec5939b3fc7a8b2fd5 23164 tryton-server-postgresql_6.0.29-2+deb12u4_all.deb
 b1c4f0963264415703102aa20402e272e4ba04a76d3a3788dca7b310f690eeea 23864 tryton-server-uwsgi_6.0.29-2+deb12u4_all.deb
 cd70f36e9995c05523f2f8a7fc5ce7c73f6c3b21e40aa3587889fe693ed01f3a 10520 tryton-server_6.0.29-2+deb12u4_all-buildd.buildinfo
 1b6afd2a03fd0711214dca623002cabf463a90d4024d36b4a3136f0817f99029 513220 tryton-server_6.0.29-2+deb12u4_all.deb
Files:
 73ad452f2e65b16a9120ac34f0ee73fd 23144 python optional tryton-server-all-in-one_6.0.29-2+deb12u4_all.deb
 ae5c5a1bfe2a9cd68703ddf7621d7226 165744 doc optional tryton-server-doc_6.0.29-2+deb12u4_all.deb
 9d4a5d828375d560e71409815752f3e1 24988 python optional tryton-server-nginx_6.0.29-2+deb12u4_all.deb
 bcff09008f5b2d046d529c815dad9bf4 23164 python optional tryton-server-postgresql_6.0.29-2+deb12u4_all.deb
 81bcfabceddc39ea51d4176a470622cb 23864 python optional tryton-server-uwsgi_6.0.29-2+deb12u4_all.deb
 47342e8a41b77509da508784eef25904 10520 python optional tryton-server_6.0.29-2+deb12u4_all-buildd.buildinfo
 e19904bf230f2fbf55846082612c493b 513220 python optional tryton-server_6.0.29-2+deb12u4_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEELusn8jY95Sf7obGlx30Wh8LXl/YFAmknZXwACgkQx30Wh8LX
l/ZRFg/6Ao+jGa3Z0OgKOle2xIe3WrElcXw9VHwN0+Hy9spK/Mjfx5KV2xpuYPSj
mqncEruEsUh7YD9IMqJgyGPexivecOdTlcz8Jj1aJvPMHi59x/41V/zbZsqyG60X
i1flf6YqwQA0+rvqRjQ6FjsTpWLOZdGXInsCDYYFMzYBwC6Z7VRa42yAXwPeIaf2
05Say1q+TrxPFJC2jzqDBJ+CuP5LBzBAUM1+1Mnvrr4jXgG7qE3GU2IYhri56j6z
Ia/m258shuM+hzKuJKfjz4yldOPnaoqCGL8kg8xl7Dcd4tTb1an+5XfuqVCuZJ6S
KdoccfXrGbnfPOduA9y2l/Nq4NP10gDNlTq4E9jVNSVnJOhTqjaq13f+M1c3xUdt
0ZvhO6LN8cULy2IIJW0j5nQ9KurnWADdm8OdsQaCFFrxGfB3JjBkN27tguxjlhUi
/qdvyHEba+wRv8Pf9FWyky8wly/IdAAQ1/FwdzCFo1clkWdiLbfILxZJSrYp6+yB
rmu+6t4CZvZGCMosKE0FXe+Iku4/NjN9FP0PLJ2yvxn/U7UKUIAB5/AHi643YJQF
lf4Nt79dNENvJ0SiUFSwMP/6F+SGV4L+4L5bpbB13CwKQ/uRqUMicyBRGbfpw7fA
zbwvWWKR+FO5uRE1LLm/3vZkpg/EsbkRwOM5Nb822nqZnl66pVo=
=cymp
-----END PGP SIGNATURE-----