Bugzilla – Bug 1213869
VUL-0: trytond: security release 6.0.34
Last modified: 2023-08-28 12:22:17 UTC
Edbo and Cédric Krier have found that record rules are not enforced by trytond when only reading fields without an SQL type (like Function fields).

Affected versions per series:
trytond:
- 6.8: <= 6.8.2
- 6.6: <= 6.6.10
- 6.0: <= 6.0.33
- 5.0: <= 5.0.59

Non affected versions per series:
trytond:
- 6.8: >= 6.8.3
- 6.6: >= 6.6.11
- 6.0: >= 6.0.34
- 5.0: >= 5.0.60

References:
https://discuss.tryton.org/t/security-release-for-issue-12428/6397
https://foss.heptapod.net/tryton/tryton/-/issues/12428
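The version ranges above can be checked mechanically. The following is an added example, not part of the bug report or of Tryton's code: it classifies a trytond version string, including RPM-style strings such as the package versions quoted on this page, and reports series the advisory does not list as unknown instead of safe. The function names and the 6.4.5 sample are constructed for illustration.

```python
import re

# First fixed release per series, taken from the advisory text above.
FIXED = {
    (6, 8): (6, 8, 3),
    (6, 6): (6, 6, 11),
    (6, 0): (6, 0, 34),
    (5, 0): (5, 0, 60),
}


def parse_version(text):
    """Return (major, minor, patch) from '6.0.32' or an RPM-style
    '6.0.34-bp155.2.6.1'; the part after '-' is the package release."""
    upstream = text.strip().split("-", 1)[0]
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", upstream)
    if not m:
        raise ValueError(f"unrecognised trytond version: {text!r}")
    return tuple(int(p) for p in m.groups())


def status(text):
    """Classify a version as 'affected', 'fixed' or 'unknown'.

    'unknown' covers series the advisory does not list; the page makes no
    statement about them, so they are not reported as safe."""
    version = parse_version(text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "unknown"
    return "affected" if version < fixed else "fixed"


if __name__ == "__main__":
    # Versions named on this page, plus one constructed sample (6.4.5)
    # from a series the advisory does not list.
    for v in ("6.0.32", "6.0.34-bp155.2.6.1", "6.0.34-bp154.2.30.1", "6.4.5"):
        print(f"trytond {v}: {status(v)}")
```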
We have:
- openSUSE:Backports:SLE-15-SP4:Update/trytond: 6.0.32
- openSUSE:Backports:SLE-15-SP5:Update/trytond: 6.0.32

Already submitted for Factory.
https://build.opensuse.org/request/show/1101630
(In reply to Carlos López from comment #1)
> > Already submitted for Factory.

Once it is in Factory, I will push it to Backports.
openSUSE-SU-2023:0209-1: An update that contains security fixes can now be installed.

Category: security (moderate)
Bug References: 1213869
CVE References:
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP5 (src): trytond-6.0.34-bp155.2.6.1
openSUSE-SU-2023:0208-1: An update that contains security fixes can now be installed.

Category: security (moderate)
Bug References: 1213869
CVE References:
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP4 (src): trytond-6.0.34-bp154.2.30.1
As fixes are submitted, we can close the bug.
*** Bug 1214682 has been marked as a duplicate of this bug. ***