It was found that Tryton did not sanitize file extensions provided from the Tryton server. A malicious server could use this flaw to write to files accessible to the user running the Tryton client.

A patch is available from the following:
http://hg.tryton.org/tryton/rev/357d0a4d9cb8

References:
http://lists.debian.org/debian-security-announce/2013/msg00203.html
https://bugs.tryton.org/issue3446
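The class of flaw described above, shown as an added example that is not Tryton's code or its patch: a client that builds a local file path from a server-supplied extension, beside a hardened form that rejects anything other than a short alphanumeric token. All function names are hypothetical, and the allowlist and the name slugging are assumptions of this sketch.

```python
import os
import re
import tempfile

# Assumption: a valid extension is a short alphanumeric token ("pdf", "odt").
_EXT_RE = re.compile(r"[A-Za-z0-9]{1,10}")
_NAME_STRIP_RE = re.compile(r"[^A-Za-z0-9_-]+")


def naive_report_path(tmp_dir, name, ext):
    """Unsafe pattern: server-supplied values are concatenated into a path."""
    return os.path.join(tmp_dir, name + os.extsep + ext)


def safe_report_path(tmp_dir, name, ext):
    """Build a path for server-supplied data that cannot leave tmp_dir."""
    if not isinstance(ext, str) or not _EXT_RE.fullmatch(ext):
        raise ValueError("rejected file extension from server: %r" % (ext,))
    # Reduce the name to a slug; fall back to a fixed name if nothing is left.
    slug = _NAME_STRIP_RE.sub("_", name).strip("_") or "report"
    path = os.path.join(tmp_dir, slug + os.extsep + ext)
    # Defence in depth: the resolved path must stay inside tmp_dir.
    root = os.path.realpath(tmp_dir)
    if os.path.commonpath([root, os.path.realpath(path)]) != root:
        raise ValueError("path escapes the temporary directory")
    return path


def write_report(name, ext, data):
    """Write bytes into a fresh private directory without overwriting."""
    tmp_dir = tempfile.mkdtemp(prefix="report_")  # unique, owner-only
    path = safe_report_path(tmp_dir, name, ext)
    # O_EXCL refuses to replace an existing file or follow a planted symlink.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path
```
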
Created tryton tracking bugs for this issue:

Affects: fedora-all [bug 1026280]
Affects: epel-all [bug 1026281]
possible CVE request: http://www.openwall.com/lists/oss-security/2013/11/04/1
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.