-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 21 Oct 2025 13:12:38 +0200 Source: tryton-sao Binary: tryton-sao Architecture: source all Version: 7.0.28+ds1-1+deb13u1 Distribution: trixie-security Urgency: high Maintainer: Debian Tryton Maintainers Changed-By: Mathias Behrle Description: tryton-sao - Tryton application platform - web client Changes: tryton-sao (7.0.28+ds1-1+deb13u1) trixie-security; urgency=high . * Add 01_xss_vulnerability_attachments_preview.patch. Patch for security issue: https://discuss.tryton.org/t/security-release-for-issue-14290/8895 The HTML element used to display the document is based on the mimetype. And by default a sandboxed iframe is used to isolate the unsafe content from the parent context. Checksums-Sha1: 1fa9981d51cac1d5a7b4dbec4364e58b5855cb7f 2101 tryton-sao_7.0.28+ds1-1+deb13u1.dsc 6c90839a73bed621eafca51946b70b89aa16b5e0 1554772 tryton-sao_7.0.28+ds1.orig.tar.xz ade0f9a5a74b4cb8977356be6a03b7c7a251f0c1 38836 tryton-sao_7.0.28+ds1-1+deb13u1.debian.tar.xz 438696c3bf8085b37b81b333f67fae4bf9a4df48 1644352 tryton-sao_7.0.28+ds1-1+deb13u1_all.deb e6d35e9e6f8d63f8ab0211edfd062391f8202fef 8499 tryton-sao_7.0.28+ds1-1+deb13u1_amd64.buildinfo Checksums-Sha256: 43dd4bb39df0162b2645f7a0010bfb52166c8d58adafcfa6813f160e4b68c2ae 2101 tryton-sao_7.0.28+ds1-1+deb13u1.dsc c21fff02d657e90fbddfbfc9fb980232d3b9ae16bed5f6a599a453d253fd1ec9 1554772 tryton-sao_7.0.28+ds1.orig.tar.xz 746393319ea980985b71c0f9cb76dab6a64a556b7ac6c838e92f3ea7d58ca89f 38836 tryton-sao_7.0.28+ds1-1+deb13u1.debian.tar.xz 109692488fd434464e3776b2e4a08762464bd3beed9e5d52307615693cf2fdfd 1644352 tryton-sao_7.0.28+ds1-1+deb13u1_all.deb 990cdbb74abc00c78e4b0c2b9e942bdfa8b57a38bafdc77ff1d7c6c6f689653c 8499 tryton-sao_7.0.28+ds1-1+deb13u1_amd64.buildinfo Files: 02880b2ce56d814258e03923dd614e36 2101 web optional tryton-sao_7.0.28+ds1-1+deb13u1.dsc ddb3690276861a8635eb02ce85ddd19e 1554772 web optional tryton-sao_7.0.28+ds1.orig.tar.xz 309aa2e9035b348f9f6d5aae428f7ceb 38836 web optional tryton-sao_7.0.28+ds1-1+deb13u1.debian.tar.xz ddb3b28613670a6b8a5188824854fb96 1644352 web optional tryton-sao_7.0.28+ds1-1+deb13u1_all.deb 635425000c8b53a192f38bcb42717f9e 8499 web optional tryton-sao_7.0.28+ds1-1+deb13u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- Comment: Signed by Mathias Behrle iQJFBAEBCgAvFiEErCl+XEa50LYccXaB1tCb5IQFu/YFAmj3a3gRHG1hdGhpYXNi QG05cy5iaXoACgkQ1tCb5IQFu/bXuBAAkbQB1SdBIxGEVf7miqK7oMPWcFuHpb8y zVTev2lkecwmkkjsGcboQouy4Vd5muZpR2FdLtuKHiLYd7Ibi/bHaYV2L7Erlffi FNOCkO5qrolhoUlGUMyiJgbLWbxBy00tnziO7B5Warsroz42uwfxKZojwFPEi3wg 0DwFt1GIDF8eiTAj3rqS6yMxr8CtCwLRNI0fCdG9Ielm+5JRE4ON5aUggIXC+xkO DWly2vtxg4EZ+nUicjgdyQhNUT2U0H28wYvApCaDrugs9vaAZQ2yl97XduRLSPXo PuSsyBUeeSWpPHs6TYbplwfJloOySXwkOqT7737u/rpzftee74jxDKuRxKKNcjZd w0m8dzQDavMmAA15SDa7O8kK0l2OmXwOz2Lpc6esMrPWi0S9YEJV1T4JTery4gYO YtELwUGr5vMQRn1mz8Cv4yKVErgdffNwmg1WouBz55qsI2Di06A2gF+bTVwVZ+j6 qlMCBFRxNKbQU71UxoEaaBHDV8yWTM5K7RfuyJaDp3BVpohcBhazkVamrVYIjsf3 OjvzdT4IF76xM/2CshwiWdP0LLHNQ4qZHVQtbNrJ+EdXIfnxGI7bm/NW07Pei+dH 9jvLFKXCxrrNTQFiJegS1o1xB2uJnUZe5ZDO4qFAgBkXG9ONlBQNSP6D1FNCNHgg vd3f9/c0UrA= =YG2+ -----END PGP SIGNATURE-----