-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 18 Apr 2024 11:59:53 +0200 Source: tryton-server Binary: tryton-server tryton-server-all-in-one tryton-server-doc tryton-server-nginx tryton-server-postgresql tryton-server-uwsgi Architecture: all Version: 6.0.29-2+deb12u2 Distribution: bookworm Urgency: medium Maintainer: all Build Daemon (x86-grnet-02) Changed-By: Mathias Behrle Description: tryton-server - Tryton application platform - server tryton-server-all-in-one - Tryton application platform - full installation tryton-server-doc - Tryton application platform - server documentation tryton-server-nginx - Tryton application platform - Nginx integration tryton-server-postgresql - Tryton application platform - PostgreSQL integration tryton-server-uwsgi - Tryton application platform - uWSGI integration Changes: tryton-server (6.0.29-2+deb12u2) bookworm; urgency=medium . * Add 03_deny_compressed_content_from_unauth_request.patch. This patch fixes the vulnerabilty to zip bomb attacks via decoded gzip content from unauthenticated users. https://discuss.tryton.org/t/security-release-for-issue-13142/7196 * Refresh 01_avoid_call_to_pypi.patch. Checksums-Sha1: f81aaf054757a7bb7598d5052e3434443394a6d8 22576 tryton-server-all-in-one_6.0.29-2+deb12u2_all.deb 29ba88824ad57d6dba78bb1f0937ced99ad3bd6e 165192 tryton-server-doc_6.0.29-2+deb12u2_all.deb 6790f11b407f0afbe86633bd429f666d30478cd5 24416 tryton-server-nginx_6.0.29-2+deb12u2_all.deb a95e841f93c5c7f510f11a6df4846f0848013d94 22596 tryton-server-postgresql_6.0.29-2+deb12u2_all.deb 6bddb7977896838a8cb36af75e0846dbc09aab54 23292 tryton-server-uwsgi_6.0.29-2+deb12u2_all.deb 68accf075e5edc54159b0c5ebcf6235216e1f881 10273 tryton-server_6.0.29-2+deb12u2_all-buildd.buildinfo 718981a8c7e4c1a2170c7eef120618e9afff9bec 512280 tryton-server_6.0.29-2+deb12u2_all.deb Checksums-Sha256: 4982250a34b8e0e32358b276e867c4be25024649f08dc5439286ce9bec8c8e62 22576 tryton-server-all-in-one_6.0.29-2+deb12u2_all.deb b613e43e0ea2adf7e9e3f9c2ea505b6ac06ddcde1df09e37e76ffb18afd832f6 165192 tryton-server-doc_6.0.29-2+deb12u2_all.deb f42877d5471f66e6748eaff981f5992cdc984c44d8e74890aa5e580e7c94c0c9 24416 tryton-server-nginx_6.0.29-2+deb12u2_all.deb ffce2d1ff920af98724b2d5e33a5bafbb1f45f57020b573d6a45caceaae07de8 22596 tryton-server-postgresql_6.0.29-2+deb12u2_all.deb 54374de12cabb319a09571660db7cec91b8e048d59350fcace7a8c5608006d1d 23292 tryton-server-uwsgi_6.0.29-2+deb12u2_all.deb da8ed9efeb77bde95e11778492f917bd430663130a99e1f51fdcae1afd690caa 10273 tryton-server_6.0.29-2+deb12u2_all-buildd.buildinfo b48f1ecfc6f1e8e80b24573a4690eca17fde06767c4d6db6acf339e30872a83b 512280 tryton-server_6.0.29-2+deb12u2_all.deb Files: b2ae00868e3478e77d6c9da39040911e 22576 python optional tryton-server-all-in-one_6.0.29-2+deb12u2_all.deb 761d868d211146b0010b07548aca80f1 165192 doc optional tryton-server-doc_6.0.29-2+deb12u2_all.deb c2544074aca0b688c87781684a132d6b 24416 python optional tryton-server-nginx_6.0.29-2+deb12u2_all.deb 43efa2d4aad8be9606c97612ddb89da8 22596 python optional tryton-server-postgresql_6.0.29-2+deb12u2_all.deb 0aabec7d44a9da8932d02c36e9d4c4b6 23292 python optional tryton-server-uwsgi_6.0.29-2+deb12u2_all.deb 834113ae39751332079146e3e80d5db0 10273 python optional tryton-server_6.0.29-2+deb12u2_all-buildd.buildinfo 95cc994ccb96d783fdae7dd42f939870 512280 python optional tryton-server_6.0.29-2+deb12u2_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEQsM0t1ygJv2xcx3e4cagXJhOTXsFAmZwcc4ACgkQ4cagXJhO TXutbBAAviyckt+Uaona4QIzQ0LsQ/qbdcrhAmbFv5ZH+Cfpqn4McO0V0TCF49dF rp+NVBPk2NBxUGynEkpI0dVbRSpdhCNvGisp+4jP4beFI0BctC9vz6iyf7rpU6kC lrU81vKmdjM1+y9PdXr7Suw56V6molrU2ZhW4cD3XqQk2+JDUaIQazIxlfnyxEKM DLYvTeAeKVUqL2/m6lnEQ1CI90BXmy48yxj46UzOt51YetKeEgwXgkqReniUZ7NN Pq/8jOqNXcN6kTnrBsZw2Yqe+57CF+JPA2Y4DUqzBy8DlBKZHemSj8ssZKAgUhb3 +ZsgZFo2UuBmjoJFvMoQ4qZ3YIpBiv1fK3PMvPjcnMJlFAjeufL0hJ33MAf2Veoe BM9c03UzC/saCtDCC9SuwuYWRZbFPjcDvtW88NI7uFASgCZsWHRg0fqertMOl1/J Wg+BVqleVH7XinEAP19Ln4wGlLX/J0ipazAPdH9/AlqlBOoPFLqXDnguUW0tM8Ro MyciqLzl3GIyE1obxIng5oW9KoJAXEdbT4Xhhcp+weqzHzCz+Tgr26++Uwdnmw3M gPeKKLHmOb8k6riVpEtFpB2w65nyQuEgmEwXQ2II5Oz2v85WnxXOjQQRHFlvoS+f RUgQMubup/eQWXwilQYPD2SHjiQR3sFw0AMtm+OPlW4pRGc8k+A= =4tnv -----END PGP SIGNATURE-----