oss-sec mailing list archives
CVE-2012-2238: trytond missing permissions check in button model
From: Raphael Geissert <geissert () debian org>
Date: Tue, 11 Sep 2012 17:24:10 -0500
Hi, FYI, there's an issue affecting trytond 2.4's button model, allowing an unauthorised user to execute otherwise-restricted code. References: http://news.tryton.org/2012/09/security-releases-for-trytond-24-series.html http://hg.tryton.org/2.4/trytond/rev/279f0031b461 https://bugs.tryton.org/issue2757 (still hidden as of this time) Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Current thread:
- CVE-2012-2238: trytond missing permissions check in button model Raphael Geissert (Sep 11)