-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 25 Nov 2025 13:02:57 +0100
Source: tryton-server
Architecture: source
Version: 6.0.29-2+deb12u4
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Tryton Maintainers <team+tryton-team@tracker.debian.org>
Changed-By: Mathias Behrle <mathiasb@m9s.biz>
Changes:
 tryton-server (6.0.29-2+deb12u4) bookworm-security; urgency=high
 .
   * Add 06_traceback_in_RPC.patch,
     07_enforce_access_check_html_editor.patch,
     08_enforce_access_check_export_data.patch
 .
     Fixes for security issues:
 .
      Enforce access check in HTML editor route
      https://bugs.debian.org/1121241 (s.a. #1121241)
      -> https://foss.heptapod.net/tryton/tryton/-/issues/14364
 .
      Include the traceback only in RPC responses in development mode
      https://bugs.debian.org/1121242 (s.a. #1121242)
      -> https://foss.heptapod.net/tryton/tryton/-/issues/14354
 .
      Enforce access check in export_data
      https://bugs.debian.org/1121243 (s.a. #1121243)
      -> https://foss.heptapod.net/tryton/tryton/-/issues/14366
Checksums-Sha1:
 c11b6766fe010aa01c3675864acd7136bc64d125 2720 tryton-server_6.0.29-2+deb12u4.dsc
 8be3e984f64459bdb9e0303adc0b952d349082ac 60816 tryton-server_6.0.29-2+deb12u4.debian.tar.xz
 6fa982dc82319f09a2540967e1168f7bd65abc2c 11278 tryton-server_6.0.29-2+deb12u4_amd64.buildinfo
Checksums-Sha256:
 8e79ea9c19d2b1a378abfa18227bb44e8ac7becd61f7b7419e07cb75d2373d0d 2720 tryton-server_6.0.29-2+deb12u4.dsc
 9f25c79b392a5c1f62e9a689c09efa1b70d1b968eb6b41106cad3f7dd12456cf 60816 tryton-server_6.0.29-2+deb12u4.debian.tar.xz
 01ffded99e75eb5cca6b82327cd3f289d21ff1c003a8cfdff4b510f5df85ea28 11278 tryton-server_6.0.29-2+deb12u4_amd64.buildinfo
Files:
 bb4960958f23887837c668997f8f20c0 2720 python optional tryton-server_6.0.29-2+deb12u4.dsc
 6898147b166e87c3b77df4eb1c3c2624 60816 python optional tryton-server_6.0.29-2+deb12u4.debian.tar.xz
 c4d175823dc78aacb70b96d62224764a 11278 python optional tryton-server_6.0.29-2+deb12u4_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
Comment: Signed by Mathias Behrle

iQJFBAEBCgAvFiEErCl+XEa50LYccXaB1tCb5IQFu/YFAmknX0kRHG1hdGhpYXNi
QG05cy5iaXoACgkQ1tCb5IQFu/aDuw//TA54bU1e0k2z72J3nUKNdEdvJCZZGQ0C
tA0L/b6yPmnB2WytClGUQFheFuynMCF2ygX3MV1M+W4t/rNfwM46Bj1in76zjmJA
9q8k32huMj4enotxLSMr9H7dXP7rGBdrjQiqknwln2L9nriatvoH7jWjQjDxdIA8
4zcnn5b1uPyGBun9e7Kyh27D9UAb5DswqCKWzlptyR4cthJJvXUqziZbPEIz/4jN
ebATdjDN/KZV2ESuK2DkdW7CHrR2l/un9bSq4R8F4Pml513I872dyDuCc8v2DAou
/umo7R5j3+sQbyejXhCOjBxcZUL6JYJBmEz8o7J66+o2N1eV17I8u0xHs3ojyjSo
EPGx1v1c6L6q4ewiu5uTjGXpUIXmFa+k/CI0nGoBYY7h4dt3ALaFQH6AzBxlxO5a
iFYsS9wwXbfdC1mfdjf9RmxMnXUa0chfCYq1tMocXDsMW47Hlls2zo+FFFPoNx+R
5sTr2QRNBltUrWNaull5YWU5DLS+BD6zGbTTdB08U6pxChF8GDUdKy6nmwYWd17I
Czr6RYIvjzzkYH/umEOWUcwF9ccANF/eJfq9dC4qqgLqbjJIgi500aSGAkjLeCyZ
pF8SygeY7SXKQN2Tf/R7fVyerFmk/d+qG7zdCaOAjHW6xWnDtwuY/ijG0+0jikHz
66hcyFPCUWQ=
=y0D2
-----END PGP SIGNATURE-----