TEMP-0000000-9B1564

NameTEMP-0000000-9B1564
Descriptiontryton zipbomb DoS
SourceAutomatically generated temporary name. Not for external reference.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
tryton-server (PTS)jessie, jessie (lts)3.4.0-3+deb8u3vulnerable
stretch (security), stretch (lts), stretch4.2.1-2+deb9u2vulnerable
buster (security), buster, buster (lts)5.0.4-2+deb10u3fixed
bullseye (security), bullseye5.0.33-2+deb11u2vulnerable
bookworm (security), bookworm6.0.29-2+deb12u3fixed
trixie6.0.53-1fixed
sid7.0.19-7fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tryton-serversourcejessie(unfixed)end-of-life
tryton-serversourcestretch(unfixed)end-of-life
tryton-serversourcebuster5.0.4-2+deb10u3
tryton-serversourcebookworm6.0.29-2+deb12u2
tryton-serversource(unstable)6.0.45-1

Notes

[bullseye] - tryton-server <no-dsa> (Minor issue)
https://discuss.tryton.org/t/security-release-for-issue-13142/7196
https://foss.heptapod.net/tryton/tryton/-/issues/13142
Regression in tryton-client fixed by: https://foss.heptapod.net/tryton/tryton/-/commit/96ccd17bd4db4be46bb42eb4217ba5c7dcb7de82 (6.0)
Search for package or bug name: Reporting problems