Debian Linux Security Advisory 5099-1 - Jeremy Mousset discovered two XML parsing vulnerabilities in the Tryton application platform, which may result in information disclosure or denial of service.
b25947ff48a19f5ee9f846030cffd730bcfa8d6fed063069a624b2dd1c62c892
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5099-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 10, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : tryton-proteus
CVE ID : CVE-2022-26661 CVE-2022-26662
Jeremy Mousset discovered two XML parsing vulnerabilities in the Tryton
application platform, which may result in information disclosure or
denial of service.
For the oldstable distribution (buster), these problems have been fixed
in version 5.0.1-3+deb10u1.
For the stable distribution (bullseye), these problems have been fixed in
version 5.0.8-1+deb11u1.
We recommend that you upgrade your tryton-proteus packages.
For the detailed security status of tryton-proteus please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tryton-proteus
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmIqWP4ACgkQEMKTtsN8
TjZWVhAAqtHZf3SUHzH5EYObhB3HsoL57nWto+++EtdnaWcxGGkTAEQDcezCiK3g
lJ9AeE+mN2KFJ0KmT/vMrm8ksc9tbYeboPZCVQS7daPUaA6iIEFF7/kQmBxjezU8
1iBUKyr51tMS9ZUev1LTxma5Wb9o3dPcKPXWGGXhoa4rdziRCKSRXT0FFMy9uing
+Y+ZyuYRu8sSqvLA7g+/VLqMGu6c1xu/xIyypltXXn2eHSlbocc3uUPFX7w5PZv8
pzRGsr4bJhXZIfuLRhfUII056eQYQatq2dHqSrjAFvQ769zuCxXGqAVMUrP5uJe3
H+sk/bcRtzIYxLVVRK010F4ggG7bl6nnyrel8NZQF5pkjwtZxZhw9iF+zXgJ93d1
SWOU6rrsRfmUMvrIZ8Hxq2dI4j8OGXCQZa38GSShY0NmNVk+U+YNH76GioEeV+Wn
sNUHH43scqTAx6bDqX+5EhUN3BlOvP/npc28j/92oqmsKGN/6e/2Ny3KXiq0uGmQ
FZ4SUWSGWmaRJC4H3X5IstAU2kXwIqvzK54lIhYD1wonPYdAxlWgfKRhGbPGbm2c
OinTNb9yJFM+IgH/UiUxWraYd4bgzhUvhRp3MH+CtTVSLvbusd5Yf62n2DIf6+tl
LZN/wL3h+Ro83F+8l+4LIvI+c2S3PDtvDaja2pWLTTvwckMP2ds=
=BVRd
-----END PGP SIGNATURE-----