-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 20 Sep 2024 09:20:49 +0200
Source: tryton-server
Architecture: source
Version: 6.0.29-2+deb12u3
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Tryton Maintainers
Changed-By: Mathias Behrle
Changes:
 tryton-server (6.0.29-2+deb12u3) bookworm-security; urgency=high
 .
   * Add patches for security release
     https://discuss.tryton.org/t/security-release-for-issues-13505-and-13506.
     - Add 04_check_read_access_of_reports_records_13505.patch:
       Check read access of report records.
       Since 982a131026e7 the access rights are no longer checked on
       instances. So anyone who has access to the report action can execute
       the report for any records.
 .
     - Add 05_retrieve_groups_actions_wo_check_access_13506.patch:
       Check read access of report records.
       get_groups does not always return the group of the action.
       When the method is called with access checked as there is a record
       rule on ir.action, the method returns an empty set of group ids.
       This is because no actions were found if the user does not share a
       group. This means that check access of Report and Wizard never raises
       an error.
-----BEGIN PGP SIGNATURE-----
Comment: Signed by Mathias Behrle
-----END PGP SIGNATURE-----