CVE-2012-2238: trytond missing permissions check in button model

[Raphael Geissert <geissert () debian org>]

Hi,

FYI, there's an issue affecting trytond 2.4's button model, allowing an 
unauthorised user to execute otherwise-restricted code.

References:
http://news.tryton.org/2012/09/security-releases-for-trytond-24-series.html
http://hg.tryton.org/2.4/trytond/rev/279f0031b461
https://bugs.tryton.org/issue2757 (still hidden as of this time)

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net