—

PYSEC-2013-28

Details

Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / tryton

Introduced in: 0 Fixed in: 3.0.1

Fix pip install --upgrade 'tryton>=3.0.1'

References

http://hg.tryton.org/tryton/rev/357d0a4d9cb8 [WEB]
http://www.tryton.org/posts/security-release-for-issue3446.html [WEB]
http://www.debian.org/security/2013/dsa-2791 [ADVISORY]
http://www.openwall.com/lists/oss-security/2013/11/04/21 [WEB]
https://bugs.tryton.org/issue3446 [WEB]