MEDIUM 5.3

PYSEC-2016-40

Details

Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / tryton

Introduced in: 0 Fixed in: 3.2.17

Fix pip install --upgrade 'tryton>=3.2.17'

References

https://bugs.tryton.org/issue5795 [REPORT]
http://www.debian.org/security/2016/dsa-3656 [ADVISORY]
http://www.tryton.org/posts/security-release-for-issue5795-and-issue5808.html [ADVISORY]