Candidate: CVE-2017-0360
PublicDate: 2017-04-04 17:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0360
 https://lists.debian.org/debian-security-announce/2017/msg00084.html
Description:
 file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated
 users with certain permissions to read arbitrary files via a "same root
 name but with a suffix" attack. NOTE: This vulnerability exists because of
 an incomplete fix for CVE-2016-1242.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N [5.3 MEDIUM]

Patches_tryton-server:
 upstream: http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8
upstream_tryton-server: released (4.2.1-2)
precise_tryton-server: ignored (reached end-of-life)
precise/esm_tryton-server: DNE (precise was needs-triage)
trusty_tryton-server: ignored (reached end-of-life)
trusty/esm_tryton-server: DNE (trusty was needed)
vivid/stable-phone-overlay_tryton-server: DNE
vivid/ubuntu-core_tryton-server: DNE
xenial_tryton-server: ignored (end of standard support, was needed)
yakkety_tryton-server: ignored (reached end-of-life)
zesty_tryton-server: not-affected (4.2.1-2)
artful_tryton-server: not-affected (4.2.1-2)
bionic_tryton-server: not-affected (4.2.1-2)
cosmic_tryton-server: not-affected (4.2.1-2)
disco_tryton-server: not-affected (4.2.1-2)
eoan_tryton-server: not-affected (4.2.1-2)
focal_tryton-server: not-affected (4.2.1-2)
groovy_tryton-server: not-affected (4.2.1-2)
hirsute_tryton-server: not-affected (4.2.1-2)
impish_tryton-server: not-affected (4.2.1-2)
jammy_tryton-server: not-affected (4.2.1-2)
devel_tryton-server: not-affected (4.2.1-2)