it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Moritz Muehlenhoff <jmm AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5099-1] tryton-proteus security update
- Date: Thu, 10 Mar 2022 20:18:43 +0000
- List-archive: https://lists.debian.org/msgid-search/20220310201843.GB10251 AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=zgUjMM4r7J4DF4Uyhec2MRhifZ5qbSVwZH62nEZzdG0=; b=Ol RYlzwke4YGSpHccsqKqAD4enYXrvTG7NZ+0qGGSZkfEb6DzDAlOLgzdWjZ2ZefIATtMvbUua/UNyB 3LFrrGpp+NyldvX6DB/ng9P3QMFPWqq7uFX1rECxDmxg7M4w8Kv7mhyhlaD2YZCZMK2JqfvH5IBmz HDvRR0DZWIU/wvc2ATEgaHoSAFc2rz+vY+N+7K6Qgwa5/hqLCICyBaY6ghPDG+L9JDZYFne+4UhbS D6Ufd98mpu4fGSt3C7SJCrSlarLg7jM8VrqyBU2djdgGKH9sFvWwjMwVOnZL/vRMjT77YNH27TA4J aIF7I1rh4rTt9HfNFr1mXDi3WlG4q0mg==;
- Old-return-path: <jmm AT seger.debian.org>
- Priority: urgent
- Resent-date: Thu, 10 Mar 2022 20:19:06 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <wzgdpwcvw3L.A.sHG.50lKiB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5099-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 10, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : tryton-proteus
CVE ID : CVE-2022-26661 CVE-2022-26662
Jeremy Mousset discovered two XML parsing vulnerabilities in the Tryton
application platform, which may result in information disclosure or
denial of service.
For the oldstable distribution (buster), these problems have been fixed
in version 5.0.1-3+deb10u1.
For the stable distribution (bullseye), these problems have been fixed in
version 5.0.8-1+deb11u1.
We recommend that you upgrade your tryton-proteus packages.
For the detailed security status of tryton-proteus please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tryton-proteus
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmIqWP4ACgkQEMKTtsN8
TjZWVhAAqtHZf3SUHzH5EYObhB3HsoL57nWto+++EtdnaWcxGGkTAEQDcezCiK3g
lJ9AeE+mN2KFJ0KmT/vMrm8ksc9tbYeboPZCVQS7daPUaA6iIEFF7/kQmBxjezU8
1iBUKyr51tMS9ZUev1LTxma5Wb9o3dPcKPXWGGXhoa4rdziRCKSRXT0FFMy9uing
+Y+ZyuYRu8sSqvLA7g+/VLqMGu6c1xu/xIyypltXXn2eHSlbocc3uUPFX7w5PZv8
pzRGsr4bJhXZIfuLRhfUII056eQYQatq2dHqSrjAFvQ769zuCxXGqAVMUrP5uJe3
H+sk/bcRtzIYxLVVRK010F4ggG7bl6nnyrel8NZQF5pkjwtZxZhw9iF+zXgJ93d1
SWOU6rrsRfmUMvrIZ8Hxq2dI4j8OGXCQZa38GSShY0NmNVk+U+YNH76GioEeV+Wn
sNUHH43scqTAx6bDqX+5EhUN3BlOvP/npc28j/92oqmsKGN/6e/2Ny3KXiq0uGmQ
FZ4SUWSGWmaRJC4H3X5IstAU2kXwIqvzK54lIhYD1wonPYdAxlWgfKRhGbPGbm2c
OinTNb9yJFM+IgH/UiUxWraYd4bgzhUvhRp3MH+CtTVSLvbusd5Yf62n2DIf6+tl
LZN/wL3h+Ro83F+8l+4LIvI+c2S3PDtvDaja2pWLTTvwckMP2ds=
=BVRd
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5099-1] tryton-proteus security update, Moritz Muehlenhoff, 10.03.2022
Archiv bereitgestellt durch MHonArc 2.6.24.